diff --git a/server.js b/server.js
index 56a3bc3022bebcfbe9555b52bf67337c42c69da2..fbc58c850fb6f7b76b5d9e4d6b6a3ea7ea735875 100644
--- a/server.js
+++ b/server.js
@@ -21,7 +21,7 @@ container.load(loggerBackendModule);
 
 //CORS middleware
 const allowCrossDomain = function (req, res, next) {
-    if (req.headers.origin.endsWith('.deadlock.io')) {
+    if (req.headers.origin && req.headers.origin.endsWith('.deadlock.io')) {
         res.setHeader('Access-Control-Allow-Origin', req.headers.origin);
         res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,Content-Type');
         res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');