diff --git a/packages/core/strapi/lib/middlewares/security.js b/packages/core/strapi/lib/middlewares/security.js
index c52fcd62c4..3f84edf31d 100644
--- a/packages/core/strapi/lib/middlewares/security.js
+++ b/packages/core/strapi/lib/middlewares/security.js
@@ -12,6 +12,8 @@ const defaults = {
     useDefaults: true,
     directives: {
       'connect-src': ["'self'", 'https:'],
+      'img-src': ["'self'", 'data:', 'blob:'],
+      'media-src': ["'self'", 'data:', 'blob:'],
     },
   },
   xssFilter: false,