diff --git a/@app/server/src/middleware/installSession.ts b/@app/server/src/middleware/installSession.ts
index e41188d3..8de332a1 100644
--- a/@app/server/src/middleware/installSession.ts
+++ b/@app/server/src/middleware/installSession.ts
@@ -75,7 +75,15 @@ export default (app: Express) => {
 * different authentication method such as bearer tokens.
 */
 const wrappedSessionMiddleware: RequestHandler = (req, res, next) => {
- if (req.isSameOrigin) {
+ const origins = [];
+ if (process.env.SESSION_ALLOWED_ORIGINS) {
+ origins.push(
+ ...(process.env.SESSION_ALLOWED_ORIGINS?.replace(/s\s/g, "").split(
+ ","
+ ) || [])
+ );
+ }
+ if (req.isSameOrigin || origins.includes(req.get("Origin") || "")) {
 sessionMiddleware(req, res, next);
 } else {
 next();
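Review bot: The regex in the added `replace(/s\s/g, "")` matches a literal `s` followed by whitespace rather than whitespace itself, so a list written as `https://a.example, https://b.example` (constructed sample) keeps the leading space on the second entry and never matches the `Origin` header, while an entry ending in `s` before a space is silently altered. Because this list decides which cross-origin requests get cookie-session handling, it should be parsed strictly: `const origins = (process.env.SESSION_ALLOWED_ORIGINS ?? "").split(",").map((o) => o.trim()).filter(Boolean);`. The `filter(Boolean)` matters because a trailing or doubled comma otherwise yields an empty entry, and `req.get("Origin") || ""` would then match every request that sends no `Origin` header; whether `req.isSameOrigin` already admits those requests is not visible here. Parsing once outside `wrappedSessionMiddleware` also avoids redoing the work on every request. The handler's body continues past the end of the hunk.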