diff --git a/apxtri/apxtri.js b/apxtri/apxtri.js
index fb997ed..eb8a065 100755
--- a/apxtri/apxtri.js
+++ b/apxtri/apxtri.js
@@ -322,13 +322,16 @@ apxtri.runexpress = async (tribesdns, conf) => {
   regtxt += ")$";
   //  let cor = false;whatwg-url
   const regorigin = new RegExp(regtxt);
+  const allowedOrigins = [
+    'http://dev.smatchit.io:8081',
+  ];
   app.use(cors({
     origin: function (origin, callback) {
       if (!origin) {
         return callback(null, true);
       }
       
-      if (regorigin.test(origin)) {
+      if (regorigin.test(origin) || allowedOrigins.includes(origin)) {
         return callback(null, true);
       } else {
         console.log(
@@ -346,7 +349,7 @@ apxtri.runexpress = async (tribesdns, conf) => {
 
   app.use((req, res, next) => {
     const origin = req.headers.origin;
-    if (origin && !regorigin.test(origin)) {
+    if (origin && !regorigin.test(origin) && !allowedOrigins.includes(origin)) {
       console.log(`CORS blocked: ${origin}`);
       return res.status(403).json({ error: 'CORS not allowed', origin });
     }