diff --git a/config/config.sample.php b/config/config.sample.php
index d3fa7508ce2965559878d2437d792ada31b9e248..a53521485e6595feb5f51827509fc25de28a142d 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -831,7 +831,7 @@ $CONFIG = array(
 'custom_csp_policy' =>
 	"default-src 'self'; script-src 'self' 'unsafe-eval'; ".
 	"style-src 'self' 'unsafe-inline'; frame-src *; img-src *; ".
-	"font-src 'self' data:; media-src *",
+	"font-src 'self' data:; media-src *; connect-src *",
 
 
 /**
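Review bot: `connect-src *` in the added line of the sample `custom_csp_policy` lifts every limit on XHR, WebSocket and EventSource destinations, which until now fell back to `default-src 'self'`. Because `script-src` also allows `'unsafe-eval'`, an injected script could then send data to any origin over these channels. If only specific endpoints are needed, list them instead, e.g. `connect-src 'self' https://HOST.EXAMPLE` (placeholder host), and add a comment above the option naming the feature that requires it. The same wildcard is added to the built-in policy in lib/private/response.php, so the point applies there too.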
diff --git a/lib/private/response.php b/lib/private/response.php
index caa382af77696b856b5d88e0626cb810c568e743..cf18115111a016bd41f8bef00c2968295201d3e7 100644
--- a/lib/private/response.php
+++ b/lib/private/response.php
@@ -212,7 +212,8 @@ class OC_Response {
 			. 'frame-src *; '
 			. 'img-src *; '
 			. 'font-src \'self\' data:; '
-			. 'media-src *');
+			. 'media-src *; ' 
+			. 'connect-src *');
 		header('Content-Security-Policy:' . $policy);
 
 		// https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
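Review bot: The added line `. 'media-src *; ' ` ends with a trailing space after the closing quote; drop it so the line reads `. 'media-src *; '`. The enclosing method of `OC_Response` starts and ends outside this hunk, so it cannot be confirmed here whether this policy is only the fallback used when `custom_csp_policy` is unset.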