diff --git a/controller/webviewcontroller.php b/controller/webviewcontroller.php
index 3d62e314..eaf68950 100644
--- a/controller/webviewcontroller.php
+++ b/controller/webviewcontroller.php
@@ -12,6 +12,7 @@
 
 namespace OCA\Bookmarks\Controller;
 
+use OCP\AppFramework\Http\ContentSecurityPolicy;
 use \OCP\IRequest;
 use \OCP\AppFramework\Http\TemplateResponse;
 use \OCP\AppFramework\Controller;
@@ -38,7 +39,13 @@ class WebViewController extends Controller {
 	public function index() {
 		$bookmarkleturl = $this->urlgenerator->getAbsoluteURL('index.php/apps/bookmarks/bookmarklet');
 		$params = array('user' => $this->userId, 'bookmarkleturl' => $bookmarkleturl);
-		return new TemplateResponse('bookmarks', 'main', $params);
+
+		$policy = new ContentSecurityPolicy();
+		$policy->addAllowedFrameDomain("'self'");
+
+		$response = new TemplateResponse('bookmarks', 'main', $params);
+		$response->setContentSecurityPolicy($policy);
+		return $response;
 	}
 
 	/**