diff --git a/lib/Listener/AddContentSecurityPolicyListener.php b/lib/Listener/AddContentSecurityPolicyListener.php
index 6cf9c27f..3c9b3594 100644
--- a/lib/Listener/AddContentSecurityPolicyListener.php
+++ b/lib/Listener/AddContentSecurityPolicyListener.php
@@ -8,6 +8,7 @@
 namespace OCA\Whiteboard\Listener;
 
 use OCP\AppFramework\Http\EmptyContentSecurityPolicy;
+use OCP\AppFramework\IAppContainer;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 use OCP\IRequest;
@@ -17,6 +18,7 @@
 class AddContentSecurityPolicyListener implements IEventListener {
 	public function __construct(
 		private IRequest $request,
+		private IAppContainer $appContainer,
 	) {
 	}
 
@@ -28,9 +30,12 @@ public function handle(Event $event): void {
 
 		$policy = new EmptyContentSecurityPolicy();
 
-		$policy->addAllowedConnectDomain('*');
-		$policy->addAllowedWorkerSrcDomain('*');
-		$policy->addAllowedFontDomain('*');
+		$serverUrl = $this->appContainer->getConfig()->getAppValue('whiteboard', 'collabServerUrl', '');
+		if ($serverUrl !== '') {
+			$policy->addAllowedConnectDomain($serverUrl);
+			$policy->addAllowedWorkerSrcDomain($serverUrl);
+			$policy->addAllowedFontDomain($serverUrl);
+		}
 
 		$event->addPolicy($policy);
 	}