diff --git a/src/app.js b/src/app.js
index 1c66c9a..e5bd5f6 100644
--- a/src/app.js
+++ b/src/app.js
@@ -75,7 +75,7 @@ app.use(function *(next) {
 this.set('Public-Key-Pins', 'pin-sha256="' + config.server.httpsKeyPin + '"; pin-sha256="' + config.server.httpsKeyPinBackup + '"; max-age=16070400');
 }
 // CSP
- this.set('Content-Security-Policy', "default-src 'self'; object-src 'none'");
+ this.set('Content-Security-Policy', "default-src 'self'; object-src 'none'; script-src 'self' code.jquery.com; style-src 'self' maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com");
 // Prevent rendering website in foreign iframe (Clickjacking)
 this.set('X-Frame-Options', 'DENY');
 // CORS
diff --git a/src/static/demo.html b/src/static/demo.html
index 3737075..e2dcabe 100644
--- a/src/static/demo.html
+++ b/src/static/demo.html
@@ -8,8 +8,8 @@ Mailvelope Key Server - - + +
@@ -94,7 +94,7 @@ - +
diff --git a/src/static/index.html b/src/static/index.html
index 9a57170..674cada 100644
--- a/src/static/index.html
+++ b/src/static/index.html
@@ -8,8 +8,8 @@ Mailvelope Key Server - - + +
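Review bot: In src/app.js, the new `script-src 'self' code.jquery.com` entry lets any script served from that whole CDN host run in the key server's origin, so the page's integrity now depends on a third party that the previous `default-src 'self'` policy excluded. The host-sources also carry no scheme; writing them as `https://code.jquery.com` and `https://maxcdn.bootstrapcdn.com` keeps the allowance to TLS regardless of how the page itself was reached. The markup of the script and link tags in demo.html and index.html is not visible here, so confirm they carry `integrity` and `crossorigin` attributes (Subresource Integrity), or serve the jQuery and Bootstrap files from `'self'` and leave the policy unchanged. The enclosing `app.use` middleware starts and ends outside the hunk.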