diff --git a/isso/views/comments.py b/isso/views/comments.py
index 90de4f6..24a907e 100644
--- a/isso/views/comments.py
+++ b/isso/views/comments.py
@@ -44,7 +44,7 @@ def csrf(view):
 
     def dec(self, environ, request, *args, **kwargs):
 
-        origin = request.headers.get("Origin")
+        origin = request.headers.get("Origin", "")
         if parse.host(origin) not in map(parse.host, self.conf.getiter("host")):
             raise Forbidden("CSRF")
 
diff --git a/specs/fixtures.py b/specs/fixtures.py
index 91f8349..d61c7fa 100644
--- a/specs/fixtures.py
+++ b/specs/fixtures.py
@@ -11,6 +11,7 @@ class FakeIP(object):
 
     def __call__(self, environ, start_response):
         environ['REMOTE_ADDR'] = self.ip
+        environ['HTTP_ORIGIN'] = "http://localhost:8080"
         return self.app(environ, start_response)