diff --git a/railties/lib/rails/application_controller.rb b/railties/lib/rails/application_controller.rb
index 8c00633515..ac698ed91d 100644
--- a/railties/lib/rails/application_controller.rb
+++ b/railties/lib/rails/application_controller.rb
@@ -7,8 +7,8 @@ class Rails::ApplicationController < ActionController::Base # :nodoc:
   before_action :disable_content_security_policy_nonce!
 
   content_security_policy do |policy|
-    policy.script_src :unsafe_inline
-    policy.style_src :unsafe_inline
+    policy.script_src :self, :unsafe_inline
+    policy.style_src :self, :unsafe_inline
   end
 
   private