diff --git a/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java b/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
index aa1c22dbb2..d97858247b 100644
--- a/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
+++ b/sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
@@ -37,7 +37,7 @@ public class HtmlResourceFilter implements Filter, Ordered {
             httpResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
             httpResponse.setHeader(HttpHeaders.EXPIRES, "0");
         }
-        httpResponse.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'self'");
+        httpResponse.setHeader("Content-Security-Policy", "default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *; img-src * data: blob:; font-src * data:; connect-src *; frame-ancestors 'self'");
         httpResponse.setHeader("X-Content-Type-Options", "nosniff");
         httpResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
         httpResponse.setHeader("X-XSS-Protection", "1; mode=block");