diff --git a/app.js b/app.js
index 01e76fcd4c..fb93dac01f 100644
--- a/app.js
+++ b/app.js
@@ -183,6 +183,7 @@ app.use(helmet.contentSecurityPolicy({
     ].concat(trusted),
     frameSrc: [
         '*.gitter.im',
+        '*.gitter.im https:',
         '*.vimeo.com',
         '*.twitter.com',
         '*.rafflecopter.com',