diff --git a/SciPost_v1/settings/base.py b/SciPost_v1/settings/base.py
index b61abe64e4a8cdc32dbafef1066a05129737df4a..343f6b5f72866b3ad745a487b948426f8ff9a29d 100644
--- a/SciPost_v1/settings/base.py
+++ b/SciPost_v1/settings/base.py
@@ -198,10 +198,11 @@ REFERRER_POLICY = 'same-origin'
 CSP_FONT_SRC = ("'self'", 'data:', 'fonts.gstatic.com', 'cdnjs.cloudflare.com',
                 'www.google.com', 'themes.googleusercontent.com')
 CSP_FRAME_SRC = ('www.google.com', 'player.vimeo.com')
-CSP_IMG_SRC = ("'self'", 'ajax.googleapis.com', 'assets.crossref.org',
+CSP_IMG_SRC = ("'self'", 'data:', 'ajax.googleapis.com', 'assets.crossref.org',
                'licensebuttons.net', 'crossmark-cdn.crossref.org')
-CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'", 'ajax.googleapis.com', 'cdnjs.cloudflare.com',
-                  'crossmark-cdn.crossref.org', 'www.recaptcha.net', 'www.gstatic.com',
+CSP_SCRIPT_SRC = ("'self'", 'data:', "'unsafe-inline'", 'ajax.googleapis.com',
+                  'cdnjs.cloudflare.com', 'crossmark-cdn.crossref.org',
+                  'www.recaptcha.net', 'www.gstatic.com',
                   'code.jquery.com')
 CSP_STYLE_SRC = ("'self'", "'unsafe-inline'", 'ajax.googleapis.com', 'code.jquery.com',
                  'fonts.googleapis.com', 'cdnjs.cloudflare.com')
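Review bot: The `'data:'` source added to `CSP_SCRIPT_SRC` allows any `data:` URI to be loaded as a script, which further loosens a script-src that already carries `'unsafe-inline'`. The same addition to `CSP_IMG_SRC` is the usual way to permit inline images and is much lower risk. If only images need it, the script line can stay as `CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'", 'ajax.googleapis.com',` with the re-wrapped hosts unchanged. If some script really is delivered as a data: URI, a comment above the setting should say which one, for example `# data: needed by <component>; drop once it is served as a static file`. No reason for the script-src change is visible in this hunk, so it may be incidental to the image fix.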