diff --git a/src/utils/hostWhitelist.ts b/src/utils/hostWhitelist.ts
index 3fb1ae2c3..694626ca7 100644
--- a/src/utils/hostWhitelist.ts
+++ b/src/utils/hostWhitelist.ts
@@ -42,6 +42,7 @@ export function isHostWhitelisted(rawHost: string): boolean {
   if (isLocalhostLabel(host)) return true
   if (isIPv4Loopback(host)) return true
   if (isIPv6Loopback(host)) return true
+  if (isComfyOrgHost(host)) return true
   const normalizedList = HOST_WHITELIST.map(normalizeHost)
   return normalizedList.includes(host)
 }
@@ -89,3 +90,9 @@ function isIPv6Loopback(h: string): boolean {
   // Require that at least one group was actually compressed: i.e., leftCount + rightCount ≤ 6.
   return leftCount + rightCount <= 6
 }
+
+const COMFY_ORG_HOST = /\.comfy\.org$/
+
+function isComfyOrgHost(h: string): boolean {
+  return COMFY_ORG_HOST.test(h)
+}
diff --git a/tests-ui/tests/utils/hostWhitelist.test.ts b/tests-ui/tests/utils/hostWhitelist.test.ts
index cd3506dff..9cf71b6a5 100644
--- a/tests-ui/tests/utils/hostWhitelist.test.ts
+++ b/tests-ui/tests/utils/hostWhitelist.test.ts
@@ -119,5 +119,27 @@ describe('hostWhitelist utils', () => {
         expect(isHostWhitelisted('   ')).toBe(false)
       })
     })
+
+    describe('comfy.org hosts', () => {
+      it.each([
+        'staging.comfy.org',
+        'stagingcloud.comfy.org',
+        'pr-123.testingcloud.comfy.org',
+        'api.v2.staging.comfy.org'
+      ])('should allow %o', (input) => {
+        expect(isHostWhitelisted(input)).toBe(true)
+      })
+
+      it.each([
+        'comfy.org.evil.com',
+        'evil-comfy.org',
+        'comfy.organization',
+        'notcomfy.org',
+        'comfy.org.hacker.net',
+        'mycomfy.org.example.com'
+      ])('should NOT allow %o', (input) => {
+        expect(isHostWhitelisted(input)).toBe(false)
+      })
+    })
   })
 })