diff --git a/safeweb/http.go b/safeweb/http.go
index 77853f6ee..96ef8f9a7 100644
--- a/safeweb/http.go
+++ b/safeweb/http.go
@@ -89,7 +89,7 @@ var defaultCSP = strings.Join([]string{
 `form-action 'self'`, // disallow form submissions to other origins
 `base-uri 'self'`, // disallow base URIs from other origins
 `block-all-mixed-content`, // disallow mixed content when serving over HTTPS
- `object-src 'none'`, // disallow embedding of resources from other origins
+ `object-src 'self'`, // disallow embedding of resources from other origins

 }, "; ")
 // Config contains the configuration for a safeweb server.
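Review bot: The trailing comment on the changed `object-src` line is unchanged, so it no longer describes the policy: `'none'` blocked every `<object>`/`<embed>` load, whereas `'self'` permits them from the server's own origin. Because this is `defaultCSP`, the relaxation presumably applies to every safeweb server, and any of them that serves user-supplied files from its own origin can now have that content embedded as an object. I would reword the comment to `// allow <object>/<embed> from this origin only; all other origins stay blocked` and record in the commit message which consumer needs same-origin embedding. If only one server needs it, keeping `'none'` as the default and relaxing it per server would be the safer shape; whether `Config` offers such an override is not visible here, since the `defaultCSP` declaration starts above the hunk and `Config` follows below it.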