diff --git a/rest/internal/cors/handlers.go b/rest/internal/cors/handlers.go
index 7bb3f077..e2a64b74 100644
--- a/rest/internal/cors/handlers.go
+++ b/rest/internal/cors/handlers.go
@@ -2,6 +2,7 @@ package cors
 
 import (
 	"net/http"
+	"strings"
 
 	"github.com/zeromicro/go-zero/rest/internal/response"
 )
@@ -81,7 +82,7 @@ func isOriginAllowed(allows []string, origin string) bool {
 			return true
 		}
 
-		if o == origin {
+		if strings.HasSuffix(origin, o) {
 			return true
 		}
 	}
diff --git a/rest/internal/cors/handlers_test.go b/rest/internal/cors/handlers_test.go
index dea7bb4e..4a398ba5 100644
--- a/rest/internal/cors/handlers_test.go
+++ b/rest/internal/cors/handlers_test.go
@@ -31,6 +31,12 @@ func TestCorsHandlerWithOrigins(t *testing.T) {
 			reqOrigin: "http://local",
 			expect:    "http://local",
 		},
+		{
+			name:      "allow sub origins",
+			origins:   []string{"local", "remote"},
+			reqOrigin: "sub.local",
+			expect:    "sub.local",
+		},
 		{
 			name:      "allow all origins",
 			reqOrigin: "http://local",