diff --git a/src/Core/Middleware/CorsMiddleware.php b/src/Core/Middleware/CorsMiddleware.php
index 3db3d170..d6ee4166 100644
--- a/src/Core/Middleware/CorsMiddleware.php
+++ b/src/Core/Middleware/CorsMiddleware.php
@@ -10,6 +10,7 @@
 use Psr\Http\Server\RequestHandlerInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
 use Windwalker\Core\Http\CorsHandler;
+use Windwalker\Core\Manager\Logger;
 use Windwalker\DI\Container;
 use Windwalker\Http\Response\Response;
 use Windwalker\Utilities\Options\OptionsResolverTrait;
@@ -102,7 +103,13 @@ public function getCorsHandler(ServerRequestInterface $request): CorsHandler
         } else {
             if (count($allows) === 1) {
                 // If only 1 allows, always send this as allow origin
-                $origin = $allows[0];
+
+                // If allow is not wildcards, set as the only 1 allow
+                if ($allows[0] !== '*') {
+                    $origin = $allows[0];
+                }
+
+                // If allow is wildcards, keep the request origin
             } elseif (count($allows) > 1) {
                 // Is has multiple allow, check origin in allow list
                 if (!in_array($origin, $allows, true)) {