diff --git a/server/src/client/ServerClient.js b/server/src/client/ServerClient.js
index 6c5a883..c584d87 100644
--- a/server/src/client/ServerClient.js
+++ b/server/src/client/ServerClient.js
@@ -78,6 +78,7 @@ class Client extends EventEmitter {
                 if (['corgi.wtf', 'localhost'].some((x) => origin.includes(x))) {
                     return cb(null, true);
                 }
+                this.logger.warn(`Unauthorised origin: ${origin}`);
                 return cb('Unauthorised origin', false);
             }
         }));
diff --git a/server/src/client/endpoints/api/Upload.js b/server/src/client/endpoints/api/Upload.js
index e112c1d..6623464 100644
--- a/server/src/client/endpoints/api/Upload.js
+++ b/server/src/client/endpoints/api/Upload.js
@@ -26,10 +26,11 @@ class Login extends APIEndpoint {
     async upload(req, res) {
 
         const { body: { name }, files: { file } } = req;
-        if (!file) res.status(400).end();
+        if (!file) return res.status(400).end();
         
+        if (!file.mimetype !== 'video/mp4' || !file.name.endsWith('.mp4')) return res.status(400).send('Invalid type');
+
         this.logger.info(`${req.user.username}#${req.user.discriminator} is uploading ${name}`);
-        
         try {
             await this.client.clipIndex.add(file, name, req.user);
             res.status(200).end();