diff --git a/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.direct b/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.direct
index 3cbaa72f52..329250cbcc 100644
--- a/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.direct
+++ b/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.direct
@@ -1,6 +1,6 @@
 location /user_uploads {
 add_header X-Content-Type-Options nosniff;
- add_header Content-Security-Policy "default-src 'none' img-src 'self'";
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; object-src 'self'; plugin-types application/pdf;";
 include /etc/nginx/zulip-include/uploads.types;
 alias /home/zulip/uploads/files;
 }
diff --git a/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.internal b/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.internal
index 9b656bafe1..6bad36e825 100644
--- a/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.internal
+++ b/puppet/zulip/files/nginx/zulip-include-maybe/uploads-route.internal
@@ -1,7 +1,7 @@
 location /serve_uploads {
 internal;
 add_header X-Content-Type-Options nosniff;
- add_header Content-Security-Policy "default-src 'none' img-src 'self'";
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; object-src 'self'; plugin-types application/pdf;";
 include /etc/nginx/zulip-include/uploads.types;
 alias /home/zulip/uploads/files;
 }
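Review bot: The new policy in `location /user_uploads` relaxes `style-src` to `'self' 'unsafe-inline'` and `object-src` to `'self'` on a route that serves user-uploaded files, and nothing beside the header records why. The identical line is added to `location /serve_uploads` in uploads-route.internal. If the relaxation exists only so that a browser's built-in PDF viewer can render, a comment above the header such as `# style-src/object-src are relaxed only for the in-browser PDF viewer; safety relies on uploads.types never mapping uploads to text/html` would make that dependency explicit (uploads.types is not part of this diff, so this should be confirmed against it). `plugin-types` has since been removed from the CSP specification, so on browsers that ignore it `object-src 'self'` is no longer narrowed to PDFs; it is worth checking that this is acceptable for this origin.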
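Review bot: The Content-Security-Policy string in `location /serve_uploads` is a byte-for-byte copy of the one in uploads-route.direct, so the two routes can silently drift apart the next time one of them is edited. Both locations already pull in `include /etc/nginx/zulip-include/uploads.types;`, so the two `add_header` lines could presumably move into one shared include file used by both. Separately, `add_header` without the `always` parameter is applied only to success and redirect responses, so error responses from these locations carry neither header. Appending `always` to both `add_header` lines would cover them if that matters here.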