diff --git a/server/src/hooks/cors.ts b/server/src/hooks/cors.ts
index 6e623f7..6b0c5d8 100644
--- a/server/src/hooks/cors.ts
+++ b/server/src/hooks/cors.ts
@@ -31,7 +31,16 @@ export const corsHook: onRequestHookHandler = async(request, response) => {
 if (routesWithoutCors.includes(request.url)) {
 return undefined;
 }
- if (!isValidOrigin(request.headers.origin)) {
+ const { origin } = request.headers;
+ const { host } = request.headers;
+ const { referer } = request.headers;
+
+ const isSameOriginSafe
+ = origin === undefined
+ && host === "hikari.nhcarrigan.com"
+ && referer?.startsWith("https://hikari.nhcarrigan.com");
+
+ if (!isValidOrigin(origin) && isSameOriginSafe !== true) {
 return await response.status(403).send({ error: