diff --git a/lib/csp.js b/lib/csp.js
index 0987df8..96be533 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -9,7 +9,7 @@ var defaultDirectives = {
   // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
   imgSrc: ['*'],
   styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://assets-cdn.github.com'], // unsafe-inline is required for some libs, plus used in views
-  fontSrc: ['\'self\'', 'https://public.slidesharecdn.com'],
+  fontSrc: ['\'self\'', 'data:', 'https://public.slidesharecdn.com'],
   objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
   mediaSrc: ['*'],
   childSrc: ['*'],
diff --git a/package.json b/package.json
index 6d46122..6a48e90 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
     "gist-embed": "~2.6.0",
     "graceful-fs": "^4.1.11",
     "handlebars": "^4.0.6",
-    "helmet": "^3.3.0",
+    "helmet": "^3.13.0",
     "highlight.js": "~9.12.0",
     "i18n": "^0.8.3",
     "imgur": "git+https://github.com/hackmdio/node-imgur.git",