diff --git a/src/ui/main.py b/src/ui/main.py
index 8b492dae3..cbc346903 100755
--- a/src/ui/main.py
+++ b/src/ui/main.py
@@ -353,6 +353,14 @@ def loading():
     )
 
 
+@app.route("/check", methods=["GET"])
+def check():
+    if "Origin" not in request.headers:
+        return Response(status=403)
+
+    return Response(status=200, headers={"Access-Control-Allow-Origin": "*"})
+
+
 @app.route("/setup", methods=["GET", "POST"])
 def setup():
     if app.config["USER"]:
@@ -427,7 +435,6 @@ def setup():
                     "REVERSE_PROXY_URL": request.form["ui_url"] or "/",
                     "AUTO_LETS_ENCRYPT": request.form.get("auto_lets_encrypt", "no"),
                     "INTERCEPTED_ERROR_CODES": "400 404 405 413 429 500 501 502 503 504",
-                    "USE_CORS": "yes",
                 },
                 request.form["server_name"],
                 request.form["server_name"],
diff --git a/src/ui/templates/setup.html b/src/ui/templates/setup.html
index ad0578f89..c6f910119 100644
--- a/src/ui/templates/setup.html
+++ b/src/ui/templates/setup.html
@@ -1699,15 +1699,19 @@
             })
               .then((res) => {
                 if (res.status === 200) {
+                  setTimeout(() => {
+                    window.open(`${api}/login`, "_self");
+                  }, 60000);
                   setInterval(() => {
-                    fetch(api, {
+                    fetch(`${api}/check`, {
                       cache: "no-cache",
                     })
                       .then((res) => {
-                        if (res.status === 200 || res.status === 301) {
-                          window.location.replace(api);
+                        if (res.status === 200) {
+                          window.open(`${api}/login`, "_self");
                         }
-                      });
+                      })
+                      .catch((err) => {});
                   }, 5000);
                 }
               })