diff --git a/middleware/cors/utils.go b/middleware/cors/utils.go
index f5338dcc..66ed9248 100644
--- a/middleware/cors/utils.go
+++ b/middleware/cors/utils.go
@@ -37,11 +37,6 @@ func normalizeOrigin(origin string) (bool, string) {
 return false, ""
 }
 
- // Validate the scheme is either http or https
- if parsedOrigin.Scheme != "http" && parsedOrigin.Scheme != "https" {
- return false, ""
- }
-
 // Don't allow a wildcard with a protocol
 // wildcards cannot be used within any other value. For example, the following header is not valid:
 // Access-Control-Allow-Origin: https://*
diff --git a/middleware/cors/utils_test.go b/middleware/cors/utils_test.go
index 84f217e5..3fc48535 100644
--- a/middleware/cors/utils_test.go
+++ b/middleware/cors/utils_test.go
@@ -17,6 +17,7 @@ func Test_NormalizeOrigin(t *testing.T) {
 {origin: "http://example.com/", expectedValid: true, expectedOrigin: "http://example.com"}, // Trailing slash should be removed.
 {origin: "http://example.com:3000", expectedValid: true, expectedOrigin: "http://example.com:3000"}, // Port should be preserved.
 {origin: "http://example.com:3000/", expectedValid: true, expectedOrigin: "http://example.com:3000"}, // Trailing slash should be removed.
+ {origin: "app://example.com/", expectedValid: true, expectedOrigin: "app://example.com"}, // App scheme should be accepted.
 {origin: "http://", expectedValid: false, expectedOrigin: ""}, // Invalid origin should not be accepted.
 {origin: "file:///etc/passwd", expectedValid: false, expectedOrigin: ""}, // File scheme should not be accepted.
 {origin: "https://*example.com", expectedValid: false, expectedOrigin: ""}, // Wildcard domain should not be accepted.
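Review bot: With the http/https check removed, nothing visible in this hunk constrains `parsedOrigin.Scheme` any more, so an origin with an empty scheme (for example `//example.com`) or any arbitrary scheme passes this point in normalizeOrigin. The rest of the function lies outside the hunk, so later checks may still reject some of these, but the scheme itself is no longer validated here. If the intent is to admit custom application schemes, keep a minimal guard such as `if parsedOrigin.Scheme == "" { return false, "" }`. Replace the deleted comment with one stating that non-HTTP schemes are accepted deliberately, e.g. `// Any non-empty scheme is allowed so custom app schemes can be configured as origins`. Since this function decides what may enter the CORS allow-list, the accepted scheme set should also be documented for operators.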
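Review bot: The added `app://example.com/` row covers only the accept path, and no row pins what is still rejected now that the scheme check is gone. The comment on the retained `file:///etc/passwd` row says the file scheme is rejected, but after this commit the rejection presumably comes from the missing host or the non-root path, not the scheme. It should say so, e.g. `// Origin without a host (path only) should not be accepted.` Consider adding rows for an empty scheme such as `//example.com` and for a non-HTTP scheme that does carry a host, so the intended policy is explicit and a later refactor cannot widen it silently. The test table begins and ends outside this hunk.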