diff --git a/background.js b/background.js
index 19b3bd7..40521e9 100644
--- a/background.js
+++ b/background.js
@@ -12,6 +12,8 @@ chrome.webRequest.onHeadersReceived.addListener(({ responseHeaders, url }) => {
     for (let p of cspAllowAll) {
       csp.value = csp.value.replace(`${p}`, `${p} * blob: data:`); // * does not include data: URIs
     }
+    // Discord doesn't even specify a manifest CSP so we create our own
+    csp.value += ' manifest-src * blob: data:;';
 
     // Fix Discord's broken CSP which disallows unsafe-inline due to having a nonce (which they don't even use?)
     csp.value = csp.value.replace(/'nonce-.*?' /, '');