diff --git a/src/oidcserver.js b/src/oidcserver.js
index b6f249a7a..0c8f64955 100644
--- a/src/oidcserver.js
+++ b/src/oidcserver.js
@@ -724,7 +724,7 @@ async function start() {
         },
         clientBasedCORS(ctx, origin, client) {
             // allow CORS for clients where at least the origin matches where we redirect back to
-            if (client.redirectUris.find((u) => u.indexOf(origin) === 0)) return true;
+            if (client.redirectUris.find((u) => origin === '*' || u.indexOf(origin) === 0)) return true;
 
             return false;
         },