diff --git a/docker/Dockerfile b/docker/Dockerfile
index 26806e1d..20dee2ea 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -70,6 +70,7 @@ ENV SESSION_KEY=""
 ENV REVERSE_PROXY="false"
 ENV REVERSE_PROXY_TLS_PORT=""
 ENV ARGS=""
+ENV ALLOWED_ORIGIN="false"
 RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
 && [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \
diff --git a/docker/config.json.template b/docker/config.json.template
index cef4ad33..44594aa8 100644
--- a/docker/config.json.template
+++ b/docker/config.json.template
@@ -25,7 +25,8 @@
 "NewAccounts": true,
 "localSessionRecording": true,
 "_userNameIsEmail": true,
- "_certUrl": "my.reverse.proxy"
+ "_certUrl": "my.reverse.proxy",
+ "allowedOrigin": false
 }
 },
 "_letsencrypt": {
diff --git a/docker/readme.md b/docker/readme.md
index 06bb43d1..fa17e6a5 100644
--- a/docker/readme.md
+++ b/docker/readme.md
@@ -47,6 +47,9 @@ LOCALSESSIONRECORDING=false
 MINIFY=true
 # set this value to add extra arguments to meshcentral on startup (e.g --debug ldap)
 ARGS=
+# set to the hostname(s) meshcentral will be reachable on, or true to disable origin checking
+# forms allowed "hostname" or "hostname1,hostname2" or ["hostname1","hostname2"]
+ALLOWED_ORIGIN=false
 ```
 ## docker-compose.yml
diff --git a/docker/startup.sh b/docker/startup.sh
index da3f0b34..b54c83e8 100644
--- a/docker/startup.sh
+++ b/docker/startup.sh
@@ -21,6 +21,11 @@ else
 sed -i "s/\"minify\": false/\"minify\": $MINIFY/" meshcentral-data/"${CONFIG_FILE}"
 sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/"${CONFIG_FILE}"
 sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/"${CONFIG_FILE}"
+ if [[ "$ALLOWED_ORIGIN" =~ ^\[.*\]|^true|^false ]]; then
+ sed -i "s/\"allowedOrigin\": false/\"allowedOrigin\": $ALLOWED_ORIGIN/" meshcentral-data/"${CONFIG_FILE}"
+ else
+ sed -i "s/\"allowedOrigin\": false/\"allowedOrigin\": \"$ALLOWED_ORIGIN\"/" meshcentral-data/"${CONFIG_FILE}"
+ fi
 if [ -z "$SESSION_KEY" ]; then
 SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 48 | head -n 1)"
 fi
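Review bot: The pattern in the added `[[ "$ALLOWED_ORIGIN" =~ ^\[.*\]|^true|^false ]]` test is anchored only at the start, so a hostname that merely begins with `true` or `false` (or an array followed by trailing text) is written into the config unquoted and yields invalid JSON; anchor both ends with `if [[ "$ALLOWED_ORIGIN" =~ ^(\[.*\]|true|false)$ ]]; then`. Both added `sed` replacements also interpolate the variable raw, so a `/`, `&`, backslash or `"` in the value breaks the substitution or the JSON string. Because `allowedOrigin` governs the origin check (the readme hunk says `true` disables it), the value is worth validating against a hostname or array pattern, or escaping, before it is written. `[[ … =~ … ]]` needs bash while the surrounding context uses `[ … ]`; the shebang is outside the hunk, so confirm the script is not run by a plain `sh`. The enclosing `else` branch starts and ends outside the hunk.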