diff --git a/config/config.sample.php b/config/config.sample.php
index a3b7cbaca4..7283400920 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -146,7 +146,7 @@ $CONFIG = array(
 "remember_login_cookie_lifetime" => 60*60*24*15,
 
 /* Custom CSP policy, changing this will overwrite the standard policy */
-"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:",
+"custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",
 
 /* Enable/disable X-Frame-Restriction */
 /* HIGH SECURITY RISK IF DISABLED*/
diff --git a/lib/template.php b/lib/template.php
index ad875359d7..2f53533564 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -203,7 +203,8 @@ class OC_Template{
 			.'style-src \'self\' \'unsafe-inline\'; '
 			.'frame-src *; '
 			.'img-src *; '
-			.'font-src \'self\' data:');
+			.'font-src \'self\' data:; '
+			.'media-src *');
 		header('Content-Security-Policy:'.$policy); // Standard
 
 		$this->findTemplate($name);