diff --git a/lib/csp.js b/lib/csp.js
index b559d8d3c..52a8d4b8a 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -22,7 +22,8 @@ const defaultDirectives = {
 ],
 styleSrc: [config.serverURL + '/build/', config.serverURL + '/css/', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
 objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
- formAction: ['\'self\'']
+ formAction: ['\'self\''],
+ mediaSrc: ['*']
 }
 
 const cdnDirectives = {
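Review bot: The new `mediaSrc: ['*']` entry in `defaultDirectives` has no why-comment, unlike the `styleSrc` and `objectSrc` wildcards beside it, and a wildcard source in a CSP should state the trade-off it accepts. With `*`, any `<audio>` or `<video>` element on a page may load from any host, so a viewer's browser sends its IP address and request headers to whichever origin the content names. If that is intended, presumably so embedded media can load, record it, e.g. `mediaSrc: ['*'] // embedded audio/video may come from arbitrary hosts`. If plain-HTTP media is not needed, `mediaSrc: ['https:']` would be narrower. The object literal starts above the hunk, so whether a `defaultSrc` entry previously governed media is not visible here.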