diff --git a/server/src/index.js b/server/src/index.js
index d6ea2cef1..905e8faea 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -78,7 +78,13 @@ const startServer = async () => {
       hidePoweredBy: true,
       contentSecurityPolicy: {
         directives: {
-          scriptSrc: ["'self'", 'https://cdn.jsdelivr.net'],
+          scriptSrc: [
+            "'self'",
+            'https://cdn.jsdelivr.net',
+            'https://telegram.org',
+            'https://static.cloudflareinsights.com',
+          ],
+          frameSrc: ["'self'", 'https://*.telegram.org'],
           workerSrc: ["'self'", 'blob:'],
         },
       },
diff --git a/src/components/auth/Telegram.jsx b/src/components/auth/Telegram.jsx
index afce98bbc..31ffdb601 100644
--- a/src/components/auth/Telegram.jsx
+++ b/src/components/auth/Telegram.jsx
@@ -12,7 +12,7 @@ export function TelegramWidget({ botName, authUrl }) {
   React.useEffect(() => {
     if (ref.current) {
       const script = document.createElement('script')
-      script.src = 'https://telegram.org/js/telegram-widget.js?4'
+      script.src = 'https://telegram.org/js/telegram-widget.js?22'
       script.setAttribute('data-telegram-login', botName)
       script.setAttribute('data-auth-url', authUrl)
       script.setAttribute(