diff --git a/src/Middleware/AddCorsHeaderForAppDomainsMiddleware.php b/src/Middleware/AddCorsHeaderForAppDomainsMiddleware.php
index 86131afa..44b9b726 100644
--- a/src/Middleware/AddCorsHeaderForAppDomainsMiddleware.php
+++ b/src/Middleware/AddCorsHeaderForAppDomainsMiddleware.php
@@ -18,7 +18,7 @@ public function process(Request $request, ResponseHandler $handler): Response
             $response = $handler->handle($request);
         }
 
-        return $response->withHeader('Access-Control-Allow-Origin', 'kissj.skauting.cz')
+        return $response->withHeader('Access-Control-Allow-Origin', 'https://kissj.skauting.cz')
             ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
             ->withHeader('Access-Control-Allow-Headers', $request->getHeader('Access-Control-Allow-Headers') == [] ? '' : $request->getHeader('Access-Control-Allow-Headers'))
             ->withHeader('Access-Control-Allow-Credentials', 'true'); // also handle cookies