diff --git a/api/nginx.conf b/api/nginx.conf
index da9eb75b7..6145bbc88 100644
--- a/api/nginx.conf
+++ b/api/nginx.conf
@@ -30,7 +30,7 @@ http {
         add_header 'Referrer-Policy' 'strict-origin-when-cross-origin' always;
         add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains; preload' always;
         add_header 'Permissions-Policy' 'fullscreen=(self), geolocation=(self), clipboard-read=(self), clipboard-write=(self)' always;
-        add_header 'Content-Security-Policy' "default-src 'self' tiles.API_URL; img-src 'self' data: tiles.API_URL; worker-src 'self' blob:; style-src-attr 'unsafe-inline'; upgrade-insecure-requests;" always;
+        add_header 'Content-Security-Policy' "default-src 'self' *.API_URL; img-src 'self' data: *.API_URL; worker-src 'self' blob:; style-src-attr 'unsafe-inline'; upgrade-insecure-requests;" always;
 
         location / {
             if ($request_uri ~ ^/(.*)\.html) {