diff --git a/lib/Controller/OtherController.php b/lib/Controller/OtherController.php
index 8b83e6b4..9ad2d464 100644
--- a/lib/Controller/OtherController.php
+++ b/lib/Controller/OtherController.php
@@ -73,11 +73,7 @@ class OtherController extends ApiBase
 'Content-Type' => 'application/javascript',
 'Service-Worker-Allowed' => '/',
 ]);
- $policy = new ContentSecurityPolicy();
- $policy->addAllowedWorkerSrcDomain("'self'");
- $policy->addAllowedScriptDomain("'self'");
- $policy->addAllowedConnectDomain("'self'");
- $response->setContentSecurityPolicy($policy);
+ $response->setContentSecurityPolicy(PageController::getCSP());
 return $response;
 }
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index e4a5fe1f..547ba61c 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -102,9 +102,21 @@ class PageController extends Controller
 /** Get the common content security policy */
 public static function getCSP()
 {
+ // Image domains MUST be added to the connect domain list
+ // because of the service worker fetch() call
+ $addImageDomain = function ($url) use (&$policy) {
+ $policy->addAllowedImageDomain($url);
+ $policy->addAllowedConnectDomain($url);
+ };
+
+ // Create base policy
 $policy = new ContentSecurityPolicy();
 $policy->addAllowedWorkerSrcDomain("'self'");
 $policy->addAllowedScriptDomain("'self'");
+ $policy->addAllowedFrameDomain("'self'");
+ $policy->addAllowedImageDomain("'self'");
+ $policy->addAllowedMediaDomain("'self'");
+ $policy->addAllowedConnectDomain("'self'");
 // Video player
 $policy->addAllowedWorkerSrcDomain('blob:');
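Review bot: The service-worker response in OtherController now carries whatever `PageController::getCSP()` returns, and nothing at the call site says why a JavaScript response needs the page-wide policy. Going by the comment added in getCSP(), the reason is that the worker's fetch() calls must be covered by connect-src, so a comment such as `// Share the page CSP: the worker's fetch() calls need the same connect-src list` would record that. The worker previously had only worker-src, script-src and connect-src `'self'`; it now also inherits the frame, media and `blob:` allowances and any future loosening of the page policy, so a narrower worker policy built from the same domain list may be worth considering. The enclosing method starts above this hunk.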
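Review bot: The `$addImageDomain` closure in getCSP() captures `$policy` by reference before `$policy` exists, so it only works because the assignment further down runs before the first call. Declaring it after `$policy = new ContentSecurityPolicy();` and capturing by value, `$addImageDomain = static function (string $url) use ($policy): void {`, removes that ordering dependency; the object handle is enough to mutate the policy. The four added `'self'` entries may duplicate defaults of the ContentSecurityPolicy class, which is not visible here, so that is worth checking. getCSP() continues past the end of this hunk.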
@@ -116,8 +128,8 @@ class PageController extends Controller
 // Allow OSM
 $policy->addAllowedFrameDomain('www.openstreetmap.org');
- $policy->addAllowedImageDomain('https://*.tile.openstreetmap.org');
- $policy->addAllowedImageDomain('https://*.a.ssl.fastly.net');
+ $addImageDomain('https://*.tile.openstreetmap.org');
+ $addImageDomain('https://*.a.ssl.fastly.net');
 return $policy;
 }
diff --git a/src/components/top-matter/MapSplitMatter.vue b/src/components/top-matter/MapSplitMatter.vue
index 93dbdd91..2e152656 100644
--- a/src/components/top-matter/MapSplitMatter.vue
+++ b/src/components/top-matter/MapSplitMatter.vue
@@ -3,6 +3,7 @@
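Review bot: Routing `https://*.a.ssl.fastly.net` through `$addImageDomain` in PageController::getCSP() puts a wildcard that was only in img-src into connect-src as well, which is the directive that limits where page and worker script can send requests with fetch(), XHR or WebSocket. That host pattern looks like a shared CDN namespace rather than something OSM-specific, so the connect-src entry appears broader than tile loading needs. If the tile hosts are stable, listing them exactly would keep connect-src tight; otherwise a comment like `// wildcard required for OSM tile fetches from the service worker` should document the trade-off. getCSP() starts above this hunk.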