diff --git a/server.py b/server.py
index 881da8e66..ddef6b1b4 100644
--- a/server.py
+++ b/server.py
@@ -192,8 +192,18 @@ def create_block_external_middleware():
             response = web.Response()
         else:
             response = await handler(request)
-
-        response.headers['Content-Security-Policy'] = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' data:; frame-src 'self'; object-src 'self';"
+        connectSrc = "'self' data:"
+        if args.enable_manager:
+            connectSrc += " https://api.comfy.org"
+        response.headers['Content-Security-Policy'] = (
+            "default-src 'self'; "
+            "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; "
+            "style-src 'self' 'unsafe-inline'; "
+            "img-src 'self' data: blob:; "
+            "font-src 'self'; "
+            f"connect-src {connectSrc}; "
+            "frame-src 'self'; "
+            "object-src 'self';")
         return response
 
     return block_external_middleware