diff --git a/jupyter_server/auth/login.py b/jupyter_server/auth/login.py
index 7df56918e0..19cdb47d75 100644
--- a/jupyter_server/auth/login.py
+++ b/jupyter_server/auth/login.py
@@ -53,7 +53,7 @@ def _redirect_safe(self, url, default=None):
                 if self.allow_origin:
                     allow = self.allow_origin == origin
                 elif self.allow_origin_pat:
-                    allow = bool(self.allow_origin_pat.match(origin))
+                    allow = bool(re.match(self.allow_origin_pat, origin))
             if not allow:
                 # not allowed, use default
                 self.log.warning("Not allowing login redirect to %r" % url)
diff --git a/jupyter_server/base/handlers.py b/jupyter_server/base/handlers.py
index 60d0e5fead..db5f2296cf 100644
--- a/jupyter_server/base/handlers.py
+++ b/jupyter_server/base/handlers.py
@@ -309,7 +309,7 @@ def set_default_headers(self):
             self.set_header("Access-Control-Allow-Origin", self.allow_origin)
         elif self.allow_origin_pat:
             origin = self.get_origin()
-            if origin and self.allow_origin_pat.match(origin):
+            if origin and re.match(self.allow_origin_pat, origin):
                 self.set_header("Access-Control-Allow-Origin", origin)
         elif self.token_authenticated and "Access-Control-Allow-Origin" not in self.settings.get(
             "headers", {}
@@ -382,7 +382,7 @@ def check_origin(self, origin_to_satisfy_tornado=""):
         if self.allow_origin:
             allow = self.allow_origin == origin
         elif self.allow_origin_pat:
-            allow = bool(self.allow_origin_pat.match(origin))
+            allow = bool(re.match(self.allow_origin_pat, origin))
         else:
             # No CORS headers deny the request
             allow = False
@@ -427,7 +427,7 @@ def check_referer(self):
         if self.allow_origin:
             allow = self.allow_origin == origin
         elif self.allow_origin_pat:
-            allow = bool(self.allow_origin_pat.match(origin))
+            allow = bool(re.match(self.allow_origin_pat, origin))
         else:
             # No CORS settings, deny the request
             allow = False
diff --git a/jupyter_server/base/zmqhandlers.py b/jupyter_server/base/zmqhandlers.py
index 6e03990dec..029a47bdba 100644
--- a/jupyter_server/base/zmqhandlers.py
+++ b/jupyter_server/base/zmqhandlers.py
@@ -3,6 +3,7 @@
 # Copyright (c) Jupyter Development Team.
 # Distributed under the terms of the Modified BSD License.
 import json
+import re
 import struct
 import sys
 from urllib.parse import urlparse
@@ -139,7 +140,7 @@ def check_origin(self, origin=None):
         if self.allow_origin:
             allow = self.allow_origin == origin
         elif self.allow_origin_pat:
-            allow = bool(self.allow_origin_pat.match(origin))
+            allow = bool(re.match(self.allow_origin_pat, origin))
         else:
             # No CORS headers deny the request
             allow = False