diff --git a/php/add.php b/php/add.php
index 4adc8c0e..e5b3c966 100644
--- a/php/add.php
+++ b/php/add.php
@@ -3,12 +3,13 @@ if(!isset($_POST['domain'], $_POST['list'], $_POST['token']))
 die("Missing POST variables");
 // Check CORS
-if($_SERVER['HTTP_ORIGIN'] != "http://pi.hole" && $_SERVER['HTTP_ORIGIN'] != "http://${_SERVER['SERVER_ADDR']}" &&
- $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] && $_SERVER['HTTP_HOST'] != "pi.hole")
+if($_SERVER['HTTP_ORIGIN'] == "http://pi.hole" || $_SERVER['HTTP_ORIGIN'] == "http://${_SERVER['SERVER_ADDR']}")
+ header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
+else if($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR'] || $_SERVER['HTTP_HOST'] == "pi.hole")
+ header("Access-Control-Allow-Origin: ${_SERVER['HTTP_HOST']}");
+else
 die("Failed CORS");
-header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
-
 session_start();
 // Check CSRF token
diff --git a/php/sub.php b/php/sub.php
index 5382a5e1..cee19723 100644
--- a/php/sub.php
+++ b/php/sub.php
@@ -3,12 +3,13 @@ if(!isset($_POST['domain'], $_POST['list'], $_POST['token']))
 die("Missing POST variables");
 // Check CORS
-if($_SERVER['HTTP_ORIGIN'] != "http://pi.hole" && $_SERVER['HTTP_ORIGIN'] != "http://${_SERVER['SERVER_ADDR']}" &&
- $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] && $_SERVER['HTTP_HOST'] != "pi.hole")
+if($_SERVER['HTTP_ORIGIN'] == "http://pi.hole" || $_SERVER['HTTP_ORIGIN'] == "http://${_SERVER['SERVER_ADDR']}")
+ header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
+else if($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR'] || $_SERVER['HTTP_HOST'] == "pi.hole")
+ header("Access-Control-Allow-Origin: ${_SERVER['HTTP_HOST']}");
+else
 die("Failed CORS");
-header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
-
 session_start();
 // Check CSRF token
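Review bot: The `else if` fallback on `HTTP_HOST` in php/add.php still accepts a request whose `Origin` header is present but not on the allow-list, because a browser always sends the target's own host in `Host`; the origin check then adds nothing, and the CSRF token check that follows (outside the hunk) is the only barrier. I would take the fallback only when no `Origin` was sent, e.g. `else if(!isset($_SERVER['HTTP_ORIGIN']) && ($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR'] || $_SERVER['HTTP_HOST'] == "pi.hole"))`, and guard the first `if` with the same `isset()` so a missing header does not raise an undefined-index notice. The value emitted in that branch is also a bare host without a scheme, which is not a valid `Access-Control-Allow-Origin` value; either send `"http://${_SERVER['HTTP_HOST']}"` or drop the header there, since a same-origin request does not need it. The identical hunk in php/sub.php has the same issues.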