diff --git a/app/core/config.py b/app/core/config.py
index a4acf5c1..dd1d23fe 100644
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -243,7 +243,8 @@ class ConfigModel(BaseModel):
             "hdslb.com",
             "cmvideo.cn",
             "ykimg.com",
-            "qpic.cn"]
+            "qpic.cn",
+            "http://wapx.cmvideo.cn:8080"]
     )
     # 允许的图片文件后缀格式
     SECURITY_IMAGE_SUFFIXES: List[str] = Field(
diff --git a/app/utils/security.py b/app/utils/security.py
index c002adce..f7367915 100644
--- a/app/utils/security.py
+++ b/app/utils/security.py
@@ -65,7 +65,6 @@ class SecurityUtils:
         netloc = parsed_url.netloc.lower()
         if not netloc:
             return False
-        netloc_no_port = netloc.split(":")[0]
 
         # 检查每个允许的域名
         allowed_domains = {d.lower() for d in allowed_domains}
@@ -79,7 +78,7 @@ class SecurityUtils:
                 return True
             else:
                 # 非严格模式下,允许子域名匹配
-                if netloc_no_port == allowed_netloc or netloc_no_port.endswith('.' + allowed_netloc):
+                if netloc == allowed_netloc or netloc.endswith('.' + allowed_netloc):
                     return True
         return False
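Review bot: The new entry `"http://wapx.cmvideo.cn:8080"` is a full URL with scheme and port while every other entry in this list is a bare domain, and the comparison in app/utils/security.py is `netloc == allowed_netloc or netloc.endswith('.' + allowed_netloc)`, where `netloc` never carries a scheme — so this entry cannot match unless `allowed_netloc` is produced by parsing each entry, which happens outside the shown hunks and could not be confirmed. Since `cmvideo.cn` is already listed, `wapx.cmvideo.cn` is covered by the subdomain rule in non-strict mode as soon as the host comparison ignores the port; if the intent is to permit only that host on port 8080, keep the list as host-only data, e.g. `"wapx.cmvideo.cn"`, and enforce the port in the check rather than encoding it in the domain string. The `Field(...)` default this line belongs to starts before the hunk.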
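Review bot: With `netloc_no_port` removed, the match in the second hunk of this file, `if netloc == allowed_netloc or netloc.endswith('.' + allowed_netloc):`, now compares the full authority string, so a URL on an allowed host with an explicit port (e.g. `cmvideo.cn:8080` for the existing `cmvideo.cn` entry) no longer matches, and any userinfo portion of the authority is compared as though it were part of the hostname. If `parsed_url` is a `urllib.parse` result, compare `parsed_url.hostname` (already lowercased, without userinfo or port) against the allowed host, and when a particular port must be permitted, check `parsed_url.port` separately instead of folding the port into the host string, e.g. `host = parsed_url.hostname or ""` followed by `if host == allowed_netloc or host.endswith('.' + allowed_netloc):`. `allowed_netloc` is derived between the two hunks, so whether it is a bare host or a host:port pair is not visible here; the enclosing method starts before the first hunk.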