diff --git a/src/pretix/base/middleware.py b/src/pretix/base/middleware.py
index 313ba60361..459d5e996c 100644
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -149,9 +149,9 @@ class SecurityMiddleware:
 'default-src': "{static}",
 'script-src': '{static} https://js.stripe.com',
 'object-src': "'none'",
- 'frame-src': "'none'",
+ 'frame-src': '{static} https://js.stripe.com',
 'style-src': "{static}",
- 'img-src': "{static} data:",
+ 'img-src': "{static} data: https://*.stripe.com",
 'form-action': "{dynamic}",
 }
 if 'Content-Security-Policy' in resp:
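Review bot: The new `frame-src` value admits `{static}` as a frame source in addition to Stripe, and nothing in the hunk shows a page that needs to frame content from the static origin; since this dict looks like the default policy for every response, that loosens framing site-wide where `'none'` applied before. If only Stripe's iframes are required, `'frame-src': 'https://js.stripe.com',` is the narrower value. The same scoping question applies to the wildcard `https://*.stripe.com` in `img-src`: if the `if 'Content-Security-Policy' in resp:` branch below merges a per-view policy (it continues outside the hunk, so this is inferred), the Stripe origins could be supplied by the payment views alone and the defaults left strict. A short comment above the two entries naming which Stripe feature needs each origin would help whoever reviews this policy next.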