diff --git a/config/config.example.js b/config/config.example.js
index 855a848e3..37fd5ada9 100644
--- a/config/config.example.js
+++ b/config/config.example.js
@@ -54,7 +54,7 @@ module.exports = {
  *  and it may have unintended consequences in practice.
  *
  */
-    httpUnsafeOrigin: 'http://localhost:3000/',
+    httpUnsafeOrigin: 'http://localhost:3000',
 
 /*  httpSafeOrigin is the URL that is used for the 'sandbox' described above.
  *  If you're testing or developing with CryptPad on your local machine then
diff --git a/server.js b/server.js
index f3ee71d0b..d2df3bba6 100644
--- a/server.js
+++ b/server.js
@@ -16,15 +16,19 @@ var Env = require("./lib/env").create(config);
 
 var app = Express();
 
+var canonicalizeOrigin = function (s) {
+    return (s || '').trim().replace(/\/+$/, '');
+};
+
 (function () {
     // you absolutely must provide an 'httpUnsafeOrigin'
     if (typeof(config.httpUnsafeOrigin) !== 'string') {
         throw new Error("No 'httpUnsafeOrigin' provided");
     }
 
-    config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim();
+    config.httpUnsafeOrigin = canonicalizeOrigin(config.httpUnsafeOrigin);
     if (typeof(config.httpSafeOrigin) === 'string') {
-        config.httpSafeOrigin = config.httpSafeOrigin.trim().replace(/\/$/, '');
+        config.httpSafeOrigin = canonicalizeOrigin(config.httpSafeOrigin);
     }
 
     // fall back to listening on a local address