diff --git a/server.conf.in b/server.conf.in
index 1555d3ce..9774b62c 100644
--- a/server.conf.in
+++ b/server.conf.in
@@ -107,8 +107,9 @@ serverRealm = local
 ; The currently recommended CSP is:
 ; default-src 'self';
 ; style-src 'self' 'unsafe-inline';
-; img-src 'self' data:;
-; connect-src 'self' wss://server:port/ws;
+; img-src 'self' data: blob:;
+; connect-src 'self' wss://server:port/ws blob:;
+; font-src 'self' blob;
 ;contentSecurityPolicy =
 ; Content-Security-Policy-Report-Only HTTP response header value. Use this
 ; to test your CSP before putting it into production.
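Review bot: The added `; font-src 'self' blob;` line is missing the colon after `blob`, so a browser would read it as a host named "blob" rather than the `blob:` scheme, and blob-URL fonts would still be blocked for anyone who copies the recommendation; it should read `; font-src 'self' blob:;`. The new img-src and connect-src lines also widen the recommended policy to `blob:` without saying which feature needs it. A one-line comment such as `; blob: is required for <feature>; omit it if unused` (feature name to be filled in by the author) would let operators keep the tighter policy where they can. Testing the corrected value through the Report-Only header described just below the hunk would confirm that no further sources are missing.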