diff --git a/Changelog.md b/Changelog.md
index 7ed54213c..74e65ed54 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -7,6 +7,7 @@
 ## Bug fixes
 * Fix compatibility with newer glibc versions [#7828](https://github.com/diaspora/diaspora/pull/7828)
+* Allow fonts to be served from asset host in CSP [#7825](https://github.com/diaspora/diaspora/pull/7825)
 ## Features
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 6f4e64318..57a5b72c8 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -21,6 +21,7 @@ SecureHeaders::Configuration.default do |config|
 if AppConfig.environment.assets.host.present?
 asset_host = Addressable::URI.parse(AppConfig.environment.assets.host.get).host
+ csp[:font_src] << asset_host
 csp[:script_src] << asset_host
 csp[:style_src] << asset_host
 end
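Review bot: `csp[:font_src] << asset_host` appends the parsed host unchecked, so a scheme-less `assets.host` value (which Addressable parses as a path, leaving `.host` nil) would put nil into font_src, exactly as the script_src and style_src lines below it already do. Because only `.host` is kept, a configured port is dropped, and a CSP host-source without a port matches only the scheme's default port, so fonts on an asset host with a non-default port would still be blocked. I would guard the three appends with `if asset_host` and add a comment such as `# host-only source: assumes the asset host is served on the default port`. The hunk does not show where `csp[:font_src]` is initialised, so it is worth confirming it is already an array at this point; the `default do |config|` block starts and ends outside the hunk.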