diff --git a/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts b/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts
index d390597216cc55a83bd083ac822e061663062faf..7c1a407c554aa4d2a72a21acc7db2ba8d1530c27 100644
--- a/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts
+++ b/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts
@@ -41,14 +41,7 @@ export class MastodonApiServerService {
 		});
 
 		fastify.addHook('onRequest', (request, reply, done) => {
-			reply.header('Content-Security-Policy', `default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 
-			script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 
-			connect-src * data: blob: 'unsafe-inline'; 
-			img-src * data: blob: 'unsafe-inline'; 
-			frame-src * data: blob: ; 
-			style-src * data: blob: 'unsafe-inline';
-			font-src * data: blob: 'unsafe-inline';
-			frame-ancestors * data: blob: 'unsafe-inline';`);
+			reply.header('Access-Control-Allow-Origin', '*');
 			done();
 		});