diff --git a/lib/Controller/RawResponse.php b/lib/Controller/RawResponse.php
index 837d056..fee38a3 100644
--- a/lib/Controller/RawResponse.php
+++ b/lib/Controller/RawResponse.php
@@ -5,7 +5,7 @@ trait RawResponse {
 	protected function returnRawResponse($content, $mimetype) {
 		// Ugly hack to prevent security middleware messing up the CSP.
 		header(
-			"Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data; "
+			"Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data:; "
 			. "style-src data: 'unsafe-inline'; font-src data:; frame-src data:"
 		);
 		header("Content-Type: ${mimetype}");