diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 2993e647da05f9..76859a52e42718 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -35,7 +35,7 @@ def sso_host
   p.default_src     :none
   p.frame_ancestors :none
   p.font_src        :self, assets_host
-  p.img_src         :self, :data, :blob, *media_hosts "https://pay.nano.to"
+  p.img_src         :self, :data, :blob, *media_hosts, 'https://pay.nano.to'
   p.style_src       :self, :unsafe_inline, assets_host
   # p.style_src       :self, assets_host
   p.media_src       :self, :data, *media_hosts