diff --git a/server/middlewares/csp.js b/server/middlewares/csp.js
index 0c812e00c6..24e1e848cf 100644
--- a/server/middlewares/csp.js
+++ b/server/middlewares/csp.js
@@ -73,7 +73,8 @@ export default function csp() {
 imgSrc: [
 // allow all input since we have user submitted images for
 // public profile
- '*'
+ '*',
+ 'data:'
 ].concat(trusted),
 fontSrc: [
 '*.googleapis.com',
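Review bot: The comment above the `imgSrc` list still says only "allow all input", which does not explain why `'data:'` must sit next to `'*'`. In CSP the `*` wildcard does not match the `data:` scheme, so a later cleanup could drop the new entry as redundant. I would add a line such as `// '*' does not cover the data: scheme, so inline (base64) images need it listed explicitly`. Image loading from network sources was already unrestricted here, so this widens little, but the comment should also state that `data:` is intended for images only, so it is not copied into the script or default directives, where it would permit inline script content. The body of `csp()` starts and ends outside this hunk, so the other directives are not visible here.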