diff --git a/Security/Listener/CorsSecurityListener.php b/Security/Listener/CorsSecurityListener.php
index dcc6c33..0a5d5cb 100644
--- a/Security/Listener/CorsSecurityListener.php
+++ b/Security/Listener/CorsSecurityListener.php
@@ -43,6 +43,11 @@ public function onKernelRequest(RequestEvent $event): void
 return;
 }
 
+ // If Origin header was the same as the request host, we can skip CORS validation
+ if ($request->headers->get('Origin') === $request->getSchemeAndHttpHost()) {
+ return;
+ }
+
 // If the request has an Origin header and the CORS listener has not validated it, deny the request
 if (
 $request->headers->has('Origin')
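Review bot: The added early return in onKernelRequest treats `$request->getSchemeAndHttpHost()` as the site's own origin, but that value is built from the request's Host header (and from forwarded headers when proxies are trusted), so the check is only as strong as the host validation in front of it. If the application answers for arbitrary Host values, a request whose Origin and Host agree on an unexpected hostname would skip the denial below; this presumably relies on `framework.trusted_hosts` or an equivalent vhost restriction, which the hunk does not show. I would state that assumption next to the check, e.g. `// Safe only if the Host header is restricted (trusted_hosts); getSchemeAndHttpHost() is derived from it`, or compare against a configured canonical origin instead. Behind a TLS-terminating proxy without trusted-proxy configuration the scheme will differ and same-origin requests fall through to the deny branch, which fails closed but is worth a test. The function body starts and ends outside the hunk.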