diff --git a/commands/http/handler.go b/commands/http/handler.go
index 9f43e4d6e..5679cd6e7 100644
--- a/commands/http/handler.go
+++ b/commands/http/handler.go
@@ -332,7 +332,9 @@ func (cfg ServerConfig) AllowedOrigins() []string {
 func (cfg *ServerConfig) SetAllowedOrigins(origins ...string) {
 	cfg.cORSOptsRWMutex.Lock()
 	defer cfg.cORSOptsRWMutex.Unlock()
-	cfg.cORSOpts.AllowedOrigins = origins
+	o := make([]string, len(origins))
+	copy(o, origins)
+	cfg.cORSOpts.AllowedOrigins = o
 }
 
 func (cfg *ServerConfig) AppendAllowedOrigins(origins ...string) {
diff --git a/test/sharness/t0060-daemon.sh b/test/sharness/t0060-daemon.sh
index f793b5780..a5d3f410e 100755
--- a/test/sharness/t0060-daemon.sh
+++ b/test/sharness/t0060-daemon.sh
@@ -8,6 +8,9 @@ test_description="Test daemon command"
 
 . lib/test-lib.sh
 
+gwyport=8080
+apiport=5001
+
 # TODO: randomize ports here once we add --config to ipfs daemon
 
 # this needs to be in a different test than "ipfs daemon --init" below
@@ -44,6 +47,16 @@ test_expect_success "ipfs peer id looks good" '
   test_check_peerid "$PEERID"
 '
 
+# this is for checking SetAllowedOrigins race condition for the api and gateway
+# See https://github.com/ipfs/go-ipfs/pull/1966
+test_expect_success "ipfs API works with the correct allowed origin port" '
+  curl -s -X GET -H "Origin:http://localhost:$apiport" -I "http://localhost:$apiport/api/v0/version"
+'
+
+test_expect_success "ipfs gateway works with the correct allowed origin port" '
+  curl -s -X GET -H "Origin:http://localhost:$gwyport" -I "http://localhost:$gwyport/api/v0/version"
+'
+
 # This is like t0020-init.sh "ipfs init output looks good"
 #
 # Unfortunately the line: