diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 91d287e0..c07c7751 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -7,7 +7,7 @@
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 
 Rails.application.config.content_security_policy do |policy|
-  policy.default_src :self
+  policy.default_src :self, :blob
   # XXX: Varios scripts generan estilos en línea
   policy.style_src   :self, :unsafe_inline, :https
   # Repetimos la default para poder saber cuál es la política en falta