diff --git a/WelsonJS.Toolkit/WelsonJS.Launcher/ResourceServer.cs b/WelsonJS.Toolkit/WelsonJS.Launcher/ResourceServer.cs
index 6da51ac..9119b30 100644
--- a/WelsonJS.Toolkit/WelsonJS.Launcher/ResourceServer.cs
+++ b/WelsonJS.Toolkit/WelsonJS.Launcher/ResourceServer.cs
@@ -522,13 +522,18 @@ namespace WelsonJS.Launcher
                 return true;
             }
 
-            if (allowed.Contains(origin, StringComparer.OrdinalIgnoreCase))
+            // only perform a single, case-sensitive origin check
             if (allowed.Contains(origin, StringComparer.Ordinal))
             {
                 respHeaders["Access-Control-Allow-Origin"] = origin;
                 respHeaders["Access-Control-Allow-Credentials"] = "true";
                 return true;
             }
+            {
+                respHeaders["Access-Control-Allow-Origin"] = origin;
+                respHeaders["Access-Control-Allow-Credentials"] = "true";
+                return true;
+            }
 
             return false;
         }