diff --git a/demo/nuxt.config.ts b/demo/nuxt.config.ts
index 9754f867..b8a1504b 100644
--- a/demo/nuxt.config.ts
+++ b/demo/nuxt.config.ts
@@ -44,6 +44,18 @@ export default defineNuxtConfig({
       crossOriginOpenerPolicy: 'same-origin',
       crossOriginEmbedderPolicy: 'unsafe-none',
       // the following needs to match the settings in ./public/staticwebapp.config.json
+      contentSecurityPolicy: {
+        'base-uri': ["'self'"],
+        'font-src': ["'self' data:"],
+        'form-action': ["'self'"],
+        'frame-ancestors': ["'self'"],
+        'img-src': ["'self' https://add-to-calendar-button.com data:"],
+        'object-src': ["'none'"],
+        'script-src-attr': ["'self'"],
+        'script-src': ["'self' 'unsafe-inline' https://*.add-to-calendar-button.com"],
+        'style-src': ["'self' 'unsafe-inline' https://add-to-calendar-button.com"],
+        //'upgrade-insecure-requests': true,
+      },
       referrerPolicy: 'strict-origin-when-cross-origin',
       strictTransportSecurity: {
         maxAge: 31536000,