diff --git a/src/Http/Handlers/SockChatHandler.php b/src/Http/Handlers/SockChatHandler.php
index bbf5e54a..b25eb3b7 100644
--- a/src/Http/Handlers/SockChatHandler.php
+++ b/src/Http/Handlers/SockChatHandler.php
@@ -396,18 +396,22 @@ final class SockChatHandler extends Handler {
 public function token(HttpResponse $response, HttpRequest $request) {
 $host = $request->getHeaderLine('Host');
- $origin = strtolower(parse_url($request->getHeaderLine('Origin'), PHP_URL_HOST));
+ $origin = $request->getHeaderLine('Origin');
+ $originHost = strtolower(parse_url($origin, PHP_URL_HOST));
- if(!empty($origin) && $origin !== $host) {
+ if(!empty($originHost) && $originHost !== $host) {
 $whitelist = Config::get('sockChat.origins', Config::TYPE_ARR, []);
- if(!in_array($origin, $whitelist))
+ if(!in_array($originHost, $whitelist))
 return 403;
- $request->setHeader('Access-Control-Allow-Origin', $origin);
- $request->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
- $request->setHeader('Access-Control-Allow-Credentials', 'true');
- $request->setHeader('Vary', 'Origin');
+ $originProto = strtolower(parse_url($origin, PHP_URL_SCHEME));
+ $origin = $originProto . '://' . $originHost;
+
+ $response->setHeader('Access-Control-Allow-Origin', $origin);
+ $response->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
+ $response->setHeader('Access-Control-Allow-Credentials', 'true');
+ $response->setHeader('Vary', 'Origin');
 }
 if($request->getMethod() === 'OPTIONS')
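Review bot: The rebuilt `$origin` (`$originProto . '://' . $originHost`) drops the port, so for a whitelisted origin served on a non-default port the emitted `Access-Control-Allow-Origin` will not match the browser's `Origin` and the credentialed request will presumably be refused by the browser; add it back with `$originPort = parse_url($origin, PHP_URL_PORT);` and `$origin = $originProto . '://' . $originHost . ($originPort !== null ? ':' . $originPort : '');`. The whitelist check is host-only, so with `Access-Control-Allow-Credentials: true` whatever scheme the requester sent for a listed host is reflected back; if `sockChat.origins` is meant to pin https, compare the reconstructed scheme+host(+port) string against the list instead of `$originHost` alone. `in_array($originHost, $whitelist)` should pass `strict: true` so non-string entries cannot match by loose comparison. The `$originHost !== $host` test predates this change but compares a bare host against a `Host` header that may carry a port, which makes same-origin requests on such a port look cross-origin; worth a follow-up. The rest of `token()` continues past the hunk.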