diff --git a/Gemfile b/Gemfile
index b401c922e..cd7d9d521 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,9 +7,9 @@ ruby RUBY_VERSION
 gem "decidim", "0.28.0"
 
 gem "decidim-decidim_awesome", git: "https://github.com/codeforjapan/decidim-module-decidim_awesome.git", branch: "develop"
-#
+
 gem "decidim-term_customizer", git: "https://github.com/codeforjapan/decidim-module-term_customizer.git", branch: "028-ja"
-#
+
 gem "decidim-navigation_maps", git: "https://github.com/codeforjapan/decidim-module-navigation_maps.git", branch: "upgrade-0.28-2024-04-03"
 # gem "decidim-polis", git: "https://github.com/codeforjapan/decidim-polis.git", branch: "update-0-27-4"
 
diff --git a/config/initializers/decidim.rb b/config/initializers/decidim.rb
index f99aca7ad..393055040 100644
--- a/config/initializers/decidim.rb
+++ b/config/initializers/decidim.rb
@@ -392,6 +392,17 @@
   config.maximum_conversation_message_length = Rails.application.secrets.decidim[:maximum_conversation_message_length].to_i
   config.password_blacklist = Rails.application.secrets.decidim[:password_blacklist] if Rails.application.secrets.decidim[:password_blacklist].present?
   config.allow_open_redirects = Rails.application.secrets.decidim[:allow_open_redirects] if Rails.application.secrets.decidim[:allow_open_redirects].present?
+
+  config.content_security_policies_extra = {
+    "default-src" => '*',
+    "img-src" => '*',
+    "media-src" => '*',
+    "script-src" => '*',
+    "style-src" => '*',
+    "font-src" => '*',
+    "frame-src" => '*',
+    "connect-src" => '*',
+  }
 end
 
 if Decidim.module_installed? :api