diff --git a/lib/util/http.js b/lib/util/http.js
index a1a9c98..105ba02 100644
--- a/lib/util/http.js
+++ b/lib/util/http.js
@@ -9,9 +9,16 @@ var Cookies = require('cookies')
 */
 exports.setup = function(req, res, next) {
- var remoteHost = parseUrl(req.headers.referer || '').host
- , origins = ['http://' + remoteHost, 'https://' + remoteHost]
- , handler = corser.create({supportsCredentials: true, methods: ALLOWED_METHODS, origins: origins});
+ var remoteHost = req.headers.origin
+ , corsOpts = {supportsCredentials: true, methods: ALLOWED_METHODS};
+
+ if(remoteHost) {
+ corsOpts.origins = [remoteHost];
+ } else {
+ corsOpts.supportsCredentials = false;
+ }
+
+ var handler = corser.create(corsOpts);
 handler(req, res, function () {
 req.cookies = res.cookies = new Cookies(req, res);
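Review bot: The added `corsOpts.origins = [remoteHost]` in `exports.setup` copies `req.headers.origin` into the allowed list unchecked, so every origin that sends the header is accepted while `supportsCredentials` stays true, and a page on any other site could then read cookie-authenticated responses for a logged-in user. The removed Referer-based code had the same effect, so this is not a regression, but the commit is a good place to compare the header with a configured list first, e.g. `if (remoteHost && ALLOWED_ORIGINS.indexOf(remoteHost) !== -1) {`, where `ALLOWED_ORIGINS` is a placeholder for a setting this hunk does not show. The literal value `null`, which browsers send from sandboxed frames, is also truthy here and would be accepted with credentials. The body of `exports.setup` continues past the end of the hunk, so a later check may exist that is not visible here.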