diff --git a/src/main/java/de/thm/arsnova/web/CorsFilter.java b/src/main/java/de/thm/arsnova/web/CorsFilter.java
index a250689f22770073b0cf9fb71a6a14126cf386f5..96d935c07b646f10192962eb9ef0f40f1c63bbc8 100644
--- a/src/main/java/de/thm/arsnova/web/CorsFilter.java
+++ b/src/main/java/de/thm/arsnova/web/CorsFilter.java
@@ -41,9 +41,13 @@ public class CorsFilter extends OncePerRequestFilter {
 		response.addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With");
 
 		if (request.getHeader("origin") != null) {
-			response.addHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
+			response.addHeader("Access-Control-Allow-Origin", sanitizeOriginUrl(request.getHeader("origin")));
 		}
 
 		filterChain.doFilter(request, response);
 	}
+
+	private String sanitizeOriginUrl(String originUrl) {
+		return originUrl.replaceAll("[\n\r]+"," ");
+	}
 }