diff --git a/apxtri.js b/apxtri.js
index 4786308..9e7a363 100755
--- a/apxtri.js
+++ b/apxtri.js
@@ -175,21 +175,38 @@ app.disable("x-powered-by"); // for security
 app.locals.tribeids = tribeIds;
 if (log) console.log(currentmod, " app.locals.tribeids", app.locals.tribeids);
 // Cors management
-if (log) {
- app.use((req, res, next) => {
- console.log(currentmod, "request origin:", req.headers.origin);
- console.log(currentmod, "req.headers:", req.headers);
- next();
- });
-}
-let origlist = [undefined];
+let originlst = "test";
 doms.forEach((d) => {
- origlist.push(new RegExp(`^http.?:\/\/${d.replace(/\./g, "\\.")}`));
+ originlst += `|${d.replace(/\./g, "\\.")}`;
+});
+const regtxt = `^http.?:\/\/(${originlst})`;
+let cor = false;
+console.log(regtxt);
+const regorigin = new RegExp(regtxt);
+app.use((req, res, next) => {
+ if (req.headers.origin == undefined) {
+ cor = true;
+ } else {
+ cor = regorigin.test(req.headers.origin);
+ }
+ if (log)
+ console.log(
+ currentmod,
+ "request origin:",
+ req.headers.origin,
+ "testcors:",
+ cor, "headers allowed: [", conf.api.exposedHeaders.join(','),"]"
+ );
+ cors({
+ origin: cor,
+ allowedHeaders: conf.api.exposedHeaders,
+ exposedHeaders: conf.api.exposedHeaders,
+ credentials: true,
+ preflightContinue: false,
+ optionsSuccessStatus: 204
+ });
+ next();
 });
-if (log) console.log(currentmod, "List of white cors origin", origlist);
-// CORS
-//app.use(cors(corsOptions));
-app.use(cors({ origin: origlist }));
 // Routers add any routes from /routes and /plugins
 let logroute = "Routes available on this apxtri instance: \n";
@@ -211,9 +228,9 @@ if (log) {
 }
 app.listen(conf.api.port, () => {
- let webaccess = `api waits request on `;
+ let webaccess = `api waits request on port:${conf.api.port} for`;
 conf.dns.forEach((u) => {
- webaccess += `http://${u}:${conf.api.port} `;
+ webaccess += `${u}/api/ `;
 });
 if (log) console.log(currentmod, webaccess);
 });
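Review bot: The `cors({...})` call inside the new middleware only builds a handler and never invokes it with `(req, res, next)`, so as written no CORS headers are sent and preflight requests are not answered; it should be mounted once via `app.use(cors({...}))` with an `origin` callback. Once it is active, the pattern `^http.?:\/\/(${originlst})` matters more than before because `credentials: true` is now set: it has no end anchor, is seeded with `"test"`, and escapes only dots, so an origin whose host merely begins with `test` or with an allowed domain would be accepted and reflected. The module-level `cor` and the ungated `console.log(regtxt)` can go at the same time. The sketch below anchors and fully escapes the pattern; whether a `test` entry or explicit ports are needed depends on configuration not shown in this hunk.

```javascript
// Escape every regex metacharacter in the configured domains, not only dots.
const originlst = doms
  .map((d) => d.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
  .join("|");
// Anchor both ends so only the exact host (optionally with a port) matches.
const regorigin = new RegExp(`^https?://(${originlst})(:\\d+)?$`);
// … unchanged: optional request-origin logging when `log` is set …
app.use(
  cors({
    // Requests without an Origin header are allowed, as in the original check.
    origin: (origin, callback) =>
      callback(null, origin === undefined || regorigin.test(origin)),
    allowedHeaders: conf.api.exposedHeaders,
    exposedHeaders: conf.api.exposedHeaders,
    credentials: true,
    preflightContinue: false,
    optionsSuccessStatus: 204,
  })
);
```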
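Review bot: The new prefix in the `app.listen` callback ends in `for` with no trailing space, so the first entry of `conf.dns` is glued onto it in the log line; the template should end `port:${conf.api.port} for ` with a space before the closing backtick. The message is also assembled even when `log` is false, so the `conf.dns.forEach` could move under the existing `if (log)` guard.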