diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
new file mode 100644
index 0000000..bb6a0cf
--- /dev/null
+++ b/.github/workflows/build-docker.yml
@@ -0,0 +1,46 @@
+name: Build docker images
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  publish_to_docker_hub:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      
+      - name: Prepare tags
+        id: prep
+        run: |
+          DOCKER_IMAGE=milesmcc/shynet
+          VERSION=${GITHUB_REF#refs/tags/}
+          TAGS="${DOCKER_IMAGE}:${VERSION},${DOCKER_IMAGE}:latest"
+          echo ::set-output name=tags::${TAGS}
+          
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Build and push advanced image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: ${{ steps.prep.outputs.tags }}
diff --git a/Dockerfile b/Dockerfile
index dbf8045..7527778 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3-alpine
+FROM python:alpine3.12
 
 # Getting things ready
 WORKDIR /usr/src/shynet
diff --git a/shynet/analytics/views/ingress.py b/shynet/analytics/views/ingress.py
index 9a5107b..538f1e6 100644
--- a/shynet/analytics/views/ingress.py
+++ b/shynet/analytics/views/ingress.py
@@ -54,7 +54,7 @@ class ValidateServiceOriginsMixin:
                 origins = service.origins
                 cache.set(f"service_origins_{service_uuid}", origins, timeout=3600)
 
-            resp = super().dispatch(request, *args, **kwargs)
+            allow_origin = "*"
 
             if origins != "*":
                 remote_origin = request.META.get("HTTP_ORIGIN")
@@ -66,12 +66,12 @@ class ValidateServiceOriginsMixin:
                     remote_origin = f"{parsed.scheme}://{parsed.netloc}".lower()
                 origins = [origin.strip().lower() for origin in origins.split(",")]
                 if remote_origin in origins:
-                    resp["Access-Control-Allow-Origin"] = remote_origin
+                    allow_origin = remote_origin
                 else:
                     return HttpResponseForbidden()
-            else:
-                resp["Access-Control-Allow-Origin"] = "*"
 
+            resp = super().dispatch(request, *args, **kwargs)
+            resp["Access-Control-Allow-Origin"] = allow_origin
             resp["Access-Control-Allow-Methods"] = "GET,HEAD,OPTIONS,POST"
             resp[
                 "Access-Control-Allow-Headers"