diff --git a/lib/mvcfronk/mfBase/mfBaseApicontroller.php b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
index 74b071b22..ab2f2aab0 100644
--- a/lib/mvcfronk/mfBase/mfBaseApicontroller.php
+++ b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
@@ -53,7 +53,12 @@ class mfBaseApicontroller {
 if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
 $origin_proto = $m[1];
 $origin_hostname = $m[2];
- header("Access-Control-Allow-Origin: ".$origin_proto."://".$origin_hostname);
+ $origin_port = $m[3];
+ $allowed_origin = $origin_proto."://".$origin_hostname;
+ if($origin_port) {
+ $allowed_origin .= "$origin_port";
+ }
+ header("Access-Control-Allow-Origin: $allowed_origin");
 $this->return(mfResponse::Ok());
 }
 }
@@ -333,11 +338,14 @@ class mfBaseApicontroller {
 return true;
 }
- $request_origin = ["proto" => false, "hostname" => ""];
+ $request_origin = ["proto" => false, "hostname" => "", "port" => false];
 $m = [];
 if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
 $request_origin['proto'] = $m[1];
 $request_origin['hostname'] = $m[2];
+ if(array_key_exists(3, $m) && $m[3]) {
+ $request_origin['port'] = $m[3];
+ }
 } else {
 $this->return(mfResponse::Forbidden(["message" => "Malformed Origin header"]));
 }
@@ -345,7 +353,11 @@ class mfBaseApicontroller {
 if($request_origin['hostname'] == "localhost") {
 // always allow requests from localhost
 $this->log->debug("Allowing localhost Origin");
- header("Access-Control-Allow-Origin: ".$request_origin['proto']."://".$request_origin['hostname']);
+ $allowed_origin = $request_origin['proto']."://".$request_origin['hostname'];
+ if($request_origin['port']) {
+ $allowed_origin .= $request_origin['port'];
+ }
+ header("Access-Control-Allow-Origin: $allowed_origin");
 return true;
 }
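Review bot: In the hunk at new line 53, `$origin_port = $m[3];` reads a capture group that preg_match leaves out of `$m` when the Origin carries no port, so every port-less origin raises an undefined-index notice (a warning on PHP 8) immediately before `header()` is called. The hunk at new line 338 already guards the same group with `array_key_exists(3, $m)`; here `$origin_port = isset($m[3]) ? $m[3] : '';` would do the same job. Separately, this branch echoes any well-formed Origin back with no allow-list check visible in the hunk; the enclosing method starts outside it, so confirm that this is intended for this path and that `Vary: Origin` accompanies the reflected value.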
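Review bot: The hunk at new line 338 stores the port together with its leading colon, because group 3 of the pattern is `(:\d+)`, and nothing in the code says so; the later branches depend on that when they append `$request_origin['port']` directly after the hostname. A comment above the new `if`, such as `// port keeps its leading ':' (regex group 3) so it can be appended verbatim; false when the Origin has none`, would make that contract explicit. As far as the visible hunks show, the captured port is used only to build the response header and never takes part in the allow decision.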
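Review bot: In the hunk at new line 353 the localhost bypass now returns an Access-Control-Allow-Origin value that matches ported origins, so it becomes effective for localhost on any port, where the browser previously rejected the port-less header. Any page served by any local web server on a user's machine therefore passes the CORS check for this API, over either scheme; how much that exposes depends on whether credentialed requests are allowed, which is not visible here. Consider limiting the bypass to non-production configurations or to an explicit list of ports, and at minimum state the scope in the comment, e.g. `// localhost is allowed on ANY port and scheme (development convenience)`. The enclosing method starts and ends outside the hunk.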
@@ -369,13 +381,22 @@ class mfBaseApicontroller {
 if(preg_match('/^'.$hostname.'$/', $request_origin['hostname'])) {
 if($proto) {
 if($proto == $request_origin['proto']) {
- header("Access-Control-Allow-Origin: $proto://".$request_origin['hostname']);
+ $allowed_origin = $proto."://".$request_origin['hostname'];
+ if($request_origin['port']) {
+ $allowed_origin .= $request_origin['port'];
+ }
+ header("Access-Control-Allow-Origin: $allowed_origin");
 return true;
 }
 } else {
- header("Access-Control-Allow-Origin: ".$request_origin['proto']."://".$request_origin['hostname']);
+ $allowed_origin = $request_origin['proto']."://".$request_origin['hostname'];
+ if($request_origin['port']) {
+ $allowed_origin .= $request_origin['port'];
+ }
+ header("Access-Control-Allow-Origin: $allowed_origin");
 return true;
 }
+
 }
 }
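Review bot: Both allow-list branches in this hunk append `$request_origin['port']` to the reflected origin, but the match above them compares only the hostname and, optionally, the proto, so any port on an allowed host is accepted; before this patch such origins were in effect blocked because the header lacked the port. If that widening is intended it deserves a comment next to the `preg_match`; otherwise the allow-list entry needs an optional port to compare against. The same four-line assembly is also pasted in the hunks at new lines 53 and 353, so a single private helper (sketch below, the name is only a suggestion) would give one place to add that check, and the blank line added before the closing braces can be dropped. The surrounding loop and method start outside the hunk.

```php
// new private helper: builds the value echoed in Access-Control-Allow-Origin
private function formatAllowedOrigin($proto, $request_origin) {
    $allowed_origin = $proto."://".$request_origin['hostname'];
    if($request_origin['port']) {
        // port still carries its leading ':' from the Origin regex
        $allowed_origin .= $request_origin['port'];
    }
    return $allowed_origin;
}

// … unchanged: preg_match on $hostname and the $proto comparison …
header("Access-Control-Allow-Origin: ".$this->formatAllowedOrigin($request_origin['proto'], $request_origin));
return true;
```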