diff --git a/app/Http/Middleware/ContentSecurityPolicy.php b/app/Http/Middleware/ContentSecurityPolicy.php
index 787d2ade..382bc3b9 100644
--- a/app/Http/Middleware/ContentSecurityPolicy.php
+++ b/app/Http/Middleware/ContentSecurityPolicy.php
@@ -48,8 +48,14 @@ class ContentSecurityPolicy
             "'nonce-{$styleNonce}'",
             'https:',
         ];
+        $styleElemSources = [];
         if ($allowUnsafeInlineStyles) {
-            $styleSources[] = "'unsafe-inline'";
+            $styleElemSources = [
+                "'self'",
+                "'unsafe-inline'",
+                'https:',
+                'data:',
+            ];
         }
 
         $connectSources = [
@@ -128,6 +134,7 @@ class ContentSecurityPolicy
             'default-src' => ["'self'"],
             'script-src' => array_unique($scriptSources),
             'style-src' => array_unique($styleSources),
+            'style-src-elem' => $styleElemSources,
             'style-src-attr' => ["'unsafe-inline'"],
             'img-src' => array_unique($imgSources),
             'font-src' => array_unique($fontSources),
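Review bot: The new `$styleElemSources` list deliberately leaves out `'nonce-{$styleNonce}'`, and that omission is load-bearing but undocumented: under CSP Level 3 a directive that carries a nonce or hash makes `'unsafe-inline'` in the same directive ignored, which is why the removed `$styleSources[] = "'unsafe-inline'"` had no effect in current browsers alongside the nonce on `style-src`. A future maintainer "fixing" the missing nonce would silently re-break the feature, so a comment above the array such as `// No nonce here on purpose: a nonce in the same directive makes 'unsafe-inline' a no-op (CSP3)` is worth adding. Separately, `'data:'` widens what `<link rel="stylesheet">` may load beyond what `style-src` ever permitted; if nothing needs data: stylesheets, drop it and keep the opt-in to `'unsafe-inline'` alone. The enclosing method starts and ends outside the hunk.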
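Review bot: When `$allowUnsafeInlineStyles` is false, `'style-src-elem' => $styleElemSources` is added to the directive map as an empty array, and the serializer that turns this map into the header is outside the hunk. If it emits the key with no sources, `style-src-elem` with an empty value is equivalent to `'none'` and blocks every stylesheet element in the default configuration; browsers only fall back to `style-src` (with its nonce) when the directive is absent altogether. Unless that serializer is known to skip empty arrays, guard the entry: `...($allowUnsafeInlineStyles ? ['style-src-elem' => $styleElemSources] : []),` or drop empty directives before serializing. The directive map that this line belongs to continues outside the hunk.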