diff --git a/server/server.ts b/server/server.ts.orig
index 7a1514e..5ecdea9 100644
--- a/server/server.ts
+++ b/server/server.ts.orig
@@ -377,7 +377,7 @@ function addSecurityHeaders(req: Request, res: Response, next: NextFunction) {
 "default-src 'none'", // default to nothing
 "base-uri 'none'", // disallow , has no fallback to default-src
 "form-action 'self'", // 'self' to fix saving passwords in Firefox, even though login is handled in javascript
- "connect-src 'self' ws: wss:", // allow self for polling; websockets
+ "connect-src 'self' ws: wss: https:", // allow self for polling; websockets
 "style-src 'self' https: 'unsafe-inline'", // allow inline due to use in irc hex colors
 "script-src 'self'", // javascript
 "worker-src 'self'", // service worker
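Review bot: The bare `https:` scheme added to `connect-src` lets page script send fetch/XHR/beacon requests to any HTTPS host, so the directive no longer limits where data can go if injected script ever runs; the trailing comment still mentions only polling and websockets, so the reason for the widening is undocumented. If one endpoint has to be reachable, list that origin rather than the whole scheme, e.g. `"connect-src 'self' ws: wss: https://<required-origin>", // allow self for polling; websockets; <why this origin>` (the origin is a placeholder). The new side of this diff is named `server.ts.orig`, so the patch may be reversed and the real change may be the removal of `https:`; confirm the direction before applying. The directive array and `addSecurityHeaders` both continue outside the hunk.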