diff --git a/config/application.rb b/config/application.rb
index d1156765f..a7a9d123d 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -52,7 +52,8 @@ module Neeto
          default_src: %w(https: 'self'),
          base_uri: %w('self'),
          block_all_mixed_content: false, # see http://www.w3.org/TR/mixed-content/
-         child_src: ["*"],
+         child_src: ["*", "blob:"],
+         frame_src: ["*", "blob:"],
          connect_src: ["*"],
          font_src: %w(* 'self'),
          form_action: %w('self'),