diff --git a/app/Http/Middleware/ContentSecurityPolicyHeader.php b/app/Http/Middleware/ContentSecurityPolicyHeader.php
index a85c430e63..dd0d39cf36 100644
--- a/app/Http/Middleware/ContentSecurityPolicyHeader.php
+++ b/app/Http/Middleware/ContentSecurityPolicyHeader.php
@@ -14,7 +14,7 @@ class ContentSecurityPolicyHeader
      */
     public function handle($request, Closure $next)
     {
-        if (config('app.disable_csp')=='true') {
+        if ((config('app.debug')=='true')  || (config('app.disable_csp')=='true')) {
             $response = $next($request);
             return $response;
         }