diff --git a/controller/displaycontroller.php b/controller/displaycontroller.php
index 5bae92c..c0c8760 100644
--- a/controller/displaycontroller.php
+++ b/controller/displaycontroller.php
@@ -48,6 +48,7 @@ public function showPdfViewer() {
 		$policy = new ContentSecurityPolicy();
 		$policy->addAllowedChildSrcDomain('\'self\'');
 		$policy->addAllowedFontDomain('data:');
+		$policy->addAllowedImageDomain('*');
 		$response->setContentSecurityPolicy($policy);
 
 		return $response;
diff --git a/tests/unit/controller/displaycontrollertest.php b/tests/unit/controller/displaycontrollertest.php
index 942f501..4d48436 100644
--- a/tests/unit/controller/displaycontrollertest.php
+++ b/tests/unit/controller/displaycontrollertest.php
@@ -54,6 +54,7 @@ public function testShowPdfViewer() {
 		$policy = new ContentSecurityPolicy();
 		$policy->addAllowedChildSrcDomain('\'self\'');
 		$policy->addAllowedFontDomain('data:');
+		$policy->addAllowedImageDomain('*');
 		$expectedResponse->setContentSecurityPolicy($policy);
 
 		$this->assertEquals($expectedResponse, $this->controller->showPdfViewer());