diff --git a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
index ddbe9d5ba66a..1eee79898c10 100644
--- a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
+++ b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java
@@ -549,31 +549,31 @@ private List combinePatterns(
 /**
 * Check the origin of the request against the configured allowed origins.
- * @param requestOrigin the origin to check
+ * @param origin the origin to check
 * @return the origin to use for the response, or {@code null} which
 * means the request origin is not allowed
 */
 @Nullable
- public String checkOrigin(@Nullable String requestOrigin) {
- if (!StringUtils.hasText(requestOrigin)) {
+ public String checkOrigin(@Nullable String origin) {
+ if (!StringUtils.hasText(origin)) {
 return null;
 }
- requestOrigin = trimTrailingSlash(requestOrigin);
+ String originToCheck = trimTrailingSlash(origin);
 if (!ObjectUtils.isEmpty(this.allowedOrigins)) {
 if (this.allowedOrigins.contains(ALL)) {
 validateAllowCredentials();
 return ALL;
 }
 for (String allowedOrigin : this.allowedOrigins) {
- if (requestOrigin.equalsIgnoreCase(allowedOrigin)) {
- return requestOrigin;
+ if (originToCheck.equalsIgnoreCase(allowedOrigin)) {
+ return origin;
 }
 }
 }
 if (!ObjectUtils.isEmpty(this.allowedOriginPatterns)) {
 for (OriginPattern p : this.allowedOriginPatterns) {
- if (p.getDeclaredPattern().equals(ALL) || p.getPattern().matcher(requestOrigin).matches()) {
- return requestOrigin;
+ if (p.getDeclaredPattern().equals(ALL) || p.getPattern().matcher(originToCheck).matches()) {
+ return origin;
 }
 }
 }
diff --git a/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java b/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java
index 4cfdf1cc353f..b920a9f16792 100644
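Review bot: The `@return` text in the Javadoc of `checkOrigin` (CorsConfiguration.java) is not updated to say that the method now returns the caller's `origin` exactly as supplied, while the comparison in both the `allowedOrigins` loop and the `allowedOriginPatterns` loop is made against the trimmed `originToCheck`. The returned string is therefore request-supplied text rather than the configured allow-list entry, which is worth knowing for any caller that might treat it as a canonical value instead of only echoing it back. I would extend the tag along the lines of `@return the origin to use for the response, exactly as given (a trailing "/" is ignored for matching only), or {@code null} ...`. The method body ends outside the hunk.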
--- a/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java
+++ b/spring-web/src/test/java/org/springframework/web/cors/CorsConfigurationTests.java
@@ -294,12 +294,12 @@ public void checkOriginAllowed() {
 // specific origin matches Origin header with or without trailing "/"
 config.setAllowedOrigins(Collections.singletonList("https://domain.com"));
 assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
- assertThat(config.checkOrigin("https://domain.com/")).isEqualTo("https://domain.com");
+ assertThat(config.checkOrigin("https://domain.com/")).isEqualTo("https://domain.com/");
 // specific origin with trailing "/" matches Origin header with or without trailing "/"
 config.setAllowedOrigins(Collections.singletonList("https://domain.com/"));
 assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
- assertThat(config.checkOrigin("https://domain.com/")).isEqualTo("https://domain.com");
+ assertThat(config.checkOrigin("https://domain.com/")).isEqualTo("https://domain.com/");
 config.setAllowCredentials(false);
 assertThat(config.checkOrigin("https://domain.com")).isEqualTo("https://domain.com");
diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java
index cb9e9f2538d8..3f1fce6612a2 100644
--- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java
+++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/CrossOriginTests.java
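Review bot: In `checkOriginAllowed` (CorsConfigurationTests.java) the two updated assertions only exercise the `setAllowedOrigins` path, so the identical return-value change in the `allowedOriginPatterns` branch of `checkOrigin` has no trailing-slash assertion in this hunk. A matching check such as `config.setAllowedOriginPatterns(Collections.singletonList("https://*.domain.com"));` followed by `assertThat(config.checkOrigin("https://sub.domain.com/")).isEqualTo("https://sub.domain.com/");` would pin that branch, unless one already exists elsewhere in the test class. The test method starts and ends outside the hunk.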
@@ -284,7 +284,7 @@ void classLevelComposedAnnotation(TestRequestMappingInfoHandlerMapping mapping)
 CorsConfiguration config = getCorsConfiguration(chain, false);
 assertThat(config).isNotNull();
 assertThat(config.getAllowedMethods()).containsExactly("GET");
- assertThat(config.getAllowedOrigins()).containsExactly("http://www.foo.example/");
+ assertThat(config.getAllowedOrigins()).containsExactly("http://www.foo.example");
 assertThat(config.getAllowCredentials()).isTrue();
 }
@@ -297,7 +297,7 @@ void methodLevelComposedAnnotation(TestRequestMappingInfoHandlerMapping mapping)
 CorsConfiguration config = getCorsConfiguration(chain, false);
 assertThat(config).isNotNull();
 assertThat(config.getAllowedMethods()).containsExactly("GET");
- assertThat(config.getAllowedOrigins()).containsExactly("http://www.foo.example/");
+ assertThat(config.getAllowedOrigins()).containsExactly("http://www.foo.example");
 assertThat(config.getAllowCredentials()).isTrue();
 }
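Review bot: The expected value in `classLevelComposedAnnotation` (and identically in `methodLevelComposedAnnotation`) loses its trailing "/", which implies the allowed origin is now normalized when it is registered, yet nothing in the visible hunk of CorsConfiguration.java shows that normalization. If it happens in a part of the change not shown here, a short comment on each assertion would make the expectation self-explanatory, for example `// trailing "/" in the configured origin is trimmed when it is registered`. Both test methods begin outside their hunks.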