diff --git a/src/webauthn/src/CeremonyStep/CeremonyStepManagerFactory.php b/src/webauthn/src/CeremonyStep/CeremonyStepManagerFactory.php
index 5772e8a3..32012ec5 100644
--- a/src/webauthn/src/CeremonyStep/CeremonyStepManagerFactory.php
+++ b/src/webauthn/src/CeremonyStep/CeremonyStepManagerFactory.php
@@ -169,7 +169,7 @@ public function requestCeremony(): CeremonyStepManager
 $this->allowSubdomains,
 $this->securedRelyingPartyId ?? []
 ),
- new CheckTopOrigin(),
+ new CheckTopOrigin($this->topOriginValidator),
 new CheckRelyingPartyIdIdHash(),
 new CheckUserWasPresent(),
 new CheckUserVerification(),
diff --git a/src/webauthn/src/CeremonyStep/CheckTopOrigin.php b/src/webauthn/src/CeremonyStep/CheckTopOrigin.php
index bb9a5554..31c73a35 100644
--- a/src/webauthn/src/CeremonyStep/CheckTopOrigin.php
+++ b/src/webauthn/src/CeremonyStep/CheckTopOrigin.php
@@ -33,9 +33,8 @@ public function process(
 throw AuthenticatorResponseVerificationException::create('The response is not cross-origin.');
 }
 if ($this->topOriginValidator === null) {
- (new HostTopOriginValidator($host))->validate($topOrigin);
- } else {
- $this->topOriginValidator->validate($topOrigin);
+ return;
 }
+ $this->topOriginValidator->validate($topOrigin);
 }
 }
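Review bot: The `new CheckTopOrigin($this->topOriginValidator)` line in CeremonyStepManagerFactory::requestCeremony() comes with no visible test, and the creation ceremony lies outside the hunk, so it is not shown that registration and authentication now apply the same top-origin policy. A test that builds the request ceremony with a configured validator and asserts that a disallowed topOrigin is rejected would pin the behaviour this line fixes. The property appears to be nullable, since CheckTopOrigin compares it with null, so a short comment above the step such as `// Top origin is validated only when a validator has been configured` would make the null case visible to readers of the factory.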
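Review bot: In CheckTopOrigin::process(), the new `return;` under `if ($this->topOriginValidator === null)` accepts a cross-origin response carrying any topOrigin value whenever no validator is configured, so the step fails open by default. The removed fallback at least ran a HostTopOriginValidator; if that fallback was wrong, rejecting is the safer replacement, for example `throw AuthenticatorResponseVerificationException::create('No top origin validator is configured.');` in place of `return;`. If accepting is intended for backward compatibility, say so in a comment on that branch and in the upgrade notes, so that relying parties embedded in third-party frames know they must supply a validator. The body of process() begins outside this hunk, so whether `$host` is still used after this change cannot be confirmed from here.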