diff --git a/airtime_mvc/application/common/CORSHelper.php b/airtime_mvc/application/common/CORSHelper.php
index cf3f6d5ac..6febb0f1b 100644
--- a/airtime_mvc/application/common/CORSHelper.php
+++ b/airtime_mvc/application/common/CORSHelper.php
@@ -10,7 +10,7 @@ class CORSHelper
         //Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
         $response = $response->setHeader('Access-Control-Allow-Origin', '*');
         $origin = $request->getHeader('Origin');
-        if (($origin != "") &&
+        if ((!(preg_match("/https?:\/\/localhost/", $origin) === 1)) && ($origin != "") &&
         (!in_array($origin,
                 array("http://www.airtime.pro",
                         "https://www.airtime.pro",