1 files changed, 1 insertions, 0 deletions

diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py
index f460f2f..a78a9e6 100644
--- a/thallium-backend/src/app.py
+++ b/thallium-backend/src/app.py
@@ -44,6 +44,7 @@ async def add_process_time_and_security_headers(
     response.headers["Content-Security-Policy"] = (
         "default-src 'self'; script-src 'unsafe-inline' https://cdn.jsdelivr.net/;"
         " style-src https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;"
+        " img-src 'self' data:;"
     )
     response.headers["Referrer-Policy"] = "no-referrer"
     response.headers["Permissions-Policy"] = (