diff --git a/Dockerfile b/Dockerfile
index 4c47eae54..c7068a768 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,5 +11,6 @@ FROM nginx:stable-alpine
 EXPOSE 5000
 ENV PORT=5000
 ENV BACKEND_URL=http://localhost
+ENV CSP=
 COPY installation/docker.conf.template /etc/nginx/templates/default.conf.template
 COPY --from=build /app/static /usr/share/nginx/html
diff --git a/installation/docker.conf.template b/installation/docker.conf.template
index 0c13a26a3..2759f765a 100644
--- a/installation/docker.conf.template
+++ b/installation/docker.conf.template
@@ -50,7 +50,7 @@ server {
 # Content Security Policy (CSP)
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
- add_header Content-Security-Policy "base-uri 'none'; default-src 'none'; font-src 'self'; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline'; media-src 'self' https: data:; frame-src 'self' https:; manifest-src 'self'; connect-src 'self' data: blob:; script-src 'self'; child-src 'self'; worker-src 'self';";
+ add_header Content-Security-Policy "${CSP}";
 # Fallback route.
 # Try static files, then fall back to the SPA.
@@ -97,7 +97,7 @@ server {
 proxy_set_header Proxy "";
 proxy_pass_header Server;
- proxy_pass ${BACKEND_URL};
+ proxy_pass "${BACKEND_URL}";
 proxy_buffering on;
 proxy_redirect off;
 proxy_http_version 1.1;
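Review bot: The default `ENV CSP=` is empty, so a container started without setting CSP renders `add_header Content-Security-Policy "";` from the changed line in installation/docker.conf.template. As far as I know nginx sends no header for an empty `add_header` value, so the strict policy that was hard-coded before is dropped by default. Keeping the previous policy as the default leaves deployments protected unless an operator overrides it: `ENV CSP="base-uri 'none'; default-src 'none'; …"`, carrying the full string removed from the template. If the empty default is intended, say so with a comment such as `# CSP is empty by default: no Content-Security-Policy header is sent unless CSP is set`.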
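Review bot: `"${CSP}"` is filled in as raw text by the nginx image's template step before nginx parses the file, so a value containing a double quote closes the string early and the remainder is read as nginx configuration. The same holds for `proxy_pass "${BACKEND_URL}";` in the hunk at line 97. Both values come from the container environment, so this is mainly a robustness and documentation matter for operators. I would add above the directive `# Rendered from the CSP environment variable at container start; the value must not contain double quotes.` and a matching comment for BACKEND_URL. The enclosing server block starts and ends outside both hunks.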