diff --git a/src/lib/Hydra/Controller/Root.pm b/src/lib/Hydra/Controller/Root.pm
index 0a1a2d10..8de67d1b 100644
--- a/src/lib/Hydra/Controller/Root.pm
+++ b/src/lib/Hydra/Controller/Root.pm
@@ -66,6 +66,8 @@ sub begin :Private {
  my $referer = $c->req->header('Origin');
  $referer //= $c->req->header('Referer');
  my $base = $c->req->base;
+ die unless $base =~ /\/$/;
+ $referer .= "/";
  error($c, "POST requests should come from ‘$base’.")
  unless defined $referer && substr($referer, 0, length $base) eq $base;
  }
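Review bot: The added `$referer .= "/";` runs before the `defined $referer` test in the `unless`, so when neither Origin nor Referer is present the variable becomes `"/"` and the undef guard can no longer fire; the request is still rejected, but only because `"/"` fails the prefix comparison against `$base`. Making the append conditional, `$referer .= "/" if defined $referer;`, keeps the missing-header case explicit. The bare `die unless $base =~ /\/$/;` gives no diagnostic, so a message such as `die "request base ‘$base’ does not end in a slash" unless $base =~ m{/\z};` would say why the request was refused. A one-line comment that the trailing slash makes the prefix comparison end on a path boundary would also help the next reader. The enclosing `if` and `sub begin` start outside the hunk.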