diff --git a/.travis.yml b/.travis.yml
index c39908c..42cd6a5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,6 +5,7 @@ go:
   - 1.6.x
   - 1.7.x
   - 1.8.x
+  - 1.9.x
   - tip
 
 script:
diff --git a/README.md b/README.md
index 5a8ac70..5153bb6 100644
--- a/README.md
+++ b/README.md
@@ -15,13 +15,13 @@ Gin middleware/handler to enable CORS support.
 Download and install it:
 
 ```sh
-$ go get gopkg.in/gin-contrib/cors.v1
+$ go get github.com/gin-contrib/cors
 ```
 
 Import it in your code:
 
 ```go
-import "gopkg.in/gin-contrib/cors.v1"
+import "github.com/gin-contrib/cors"
 ```
 
 ### Canonical example:
@@ -32,7 +32,7 @@ package main
 import (
 	"time"
 
-	"gopkg.in/gin-contrib/cors.v1"
+	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 )
 
diff --git a/cors.go b/cors.go
index 16550f4..865b1fe 100644
--- a/cors.go
+++ b/cors.go
@@ -14,7 +14,7 @@ type Config struct {
 
 	// AllowedOrigins is a list of origins a cross-domain request can be executed from.
 	// If the special "*" value is present in the list, all origins will be allowed.
-	// Default value is ["*"]
+	// Default value is []
 	AllowOrigins []string
 
 	// AllowOriginFunc is a custom function to validate the origin. It take the origin
@@ -28,8 +28,6 @@ type Config struct {
 
 	// AllowedHeaders is list of non simple headers the client is allowed to use with
 	// cross-domain requests.
-	// If the special "*" value is present in the list, all headers will be allowed.
-	// Default value is [] but "Origin" is always appended to the list.
 	AllowHeaders []string
 
 	// AllowCredentials indicates whether the request can include user credentials like
@@ -69,8 +67,8 @@ func (c Config) Validate() error {
 		return errors.New("conflict settings: all origins disabled")
 	}
 	for _, origin := range c.AllowOrigins {
-		if !strings.HasPrefix(origin, "http://") && !strings.HasPrefix(origin, "https://") {
-			return errors.New("bad origin: origins must include http:// or https://")
+		if origin != "*" && !strings.HasPrefix(origin, "http://") && !strings.HasPrefix(origin, "https://") {
+			return errors.New("bad origin: origins must either be '*' or include http:// or https://")
 		}
 	}
 	return nil