diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 7f8c8d15..3dcdb0ae 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -63,8 +63,7 @@ function prevent_post_csrf ($hard_check=false) {
             if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = '';
         }
         $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
-        if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
-        else $_SERVER['HTTP_ORIGIN']='';
+        $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
         if ($hard_check == false) {
             if (substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "file:///" && substr($_SERVER['HTTP_ORIGIN'], 0, 7) != "http://" && substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "https://") return;
         }
@@ -92,8 +91,6 @@ function prevent_get_csrf () {
     if (isset($_SERVER['SERVER_PORT']) == false) return;
     if (isset($_SERVER['HTTP_REFERER']) == false) return;
     $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
-    if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
-    else $_SERVER['HTTP_ORIGIN']='';
     if (substr($_SERVER['HTTP_REFERER'], 0, 8) != "file:///" && substr($_SERVER['HTTP_REFERER'], 0, 7) != "http://" && substr($_SERVER['HTTP_REFERER'], 0, 8) != "https://") return;
     $host_arr = explode(":", $_SERVER['HTTP_HOST']);
     $hostname = $host_arr[0];