diff --git a/cps/web.py b/cps/web.py
index f8a8610f..11218a31 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -82,7 +82,7 @@ except ImportError:
 @app.after_request
 def add_security_headers(resp):
- resp.headers['Content-Security-Policy'] = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:"
+ resp.headers['Content-Security-Policy'] = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self' data:"
 if request.endpoint == "editbook.edit_book" or config.config_use_google_drive:
 resp.headers['Content-Security-Policy'] += " *"
 resp.headers['X-Content-Type-Options'] = 'nosniff'
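Review bot: The `+= " *"` two lines below the changed assignment appends to the end of the policy string, so with `font-src` now the last directive the wildcard lands on `font-src` instead of `img-src`. For the `editbook.edit_book` endpoint and Google Drive configurations, images are then limited to `'self' data:` while fonts may load from any origin, which is presumably the opposite of what the wildcard was meant for. Keeping `img-src` last preserves the old behaviour: `resp.headers['Content-Security-Policy'] = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data:"`. A comment such as `# img-src must stay last: " *" is appended to it below` would guard against the same slip later. The body of `add_security_headers` continues past the end of the hunk.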