diff --git a/changelog/unreleased/bugfix-oc10-pdf-display b/changelog/unreleased/bugfix-oc10-pdf-display
new file mode 100644
index 00000000000..18773fd28a2
--- /dev/null
+++ b/changelog/unreleased/bugfix-oc10-pdf-display
@@ -0,0 +1,7 @@
+Bugfix: PDF display issue - Update CSP object-src policy
+
+PDF display is associated with object-src / frame-src policy with blob values.
+
+We allow those for only : 'self' blob:;
+
+https://github.com/owncloud/web/pull/8498
diff --git a/packages/web-integration-oc10/lib/Controller/FilesController.php b/packages/web-integration-oc10/lib/Controller/FilesController.php
index 5c4a49b8ee2..e2e6557c387 100644
--- a/packages/web-integration-oc10/lib/Controller/FilesController.php
+++ b/packages/web-integration-oc10/lib/Controller/FilesController.php
@@ -124,16 +124,20 @@ public function getFile(string $path): Response {
 $response->setContentSecurityPolicy($csp);
 }
 if (\strpos($path, "index.html") === 0) {
-$csp = new ContentSecurityPolicy();
-$csp->allowInlineScript(true);
-$csp = $this->applyCSPOpenIDConnect($csp);
+$csp = new ContentSecurityPolicy();
+$csp->allowInlineScript(true);
+$csp = $this->applyCSPOpenIDConnect($csp);
+
+// Required to support PDF Viewer
+$csp->addAllowedFrameDomain('\'self\'');
+$csp->addAllowedObjectDomain('\'self\' blob:');
-// for now we set CSP rules manually, until we have sufficient requirements for a generic solution.
-$csp = $this->applyCSPOnlyOffice($csp);
-$csp = $this->applyCSPRichDocuments($csp);
+// for now we set CSP rules manually, until we have sufficient requirements for a generic solution.
+$csp = $this->applyCSPOnlyOffice($csp);
+$csp = $this->applyCSPRichDocuments($csp);
-$response->setContentSecurityPolicy($csp);
-}
+$response->setContentSecurityPolicy($csp);
+}
 return $response;
 }
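Review bot: `$csp->addAllowedObjectDomain('\'self\' blob:')` packs two CSP sources into a single "domain" entry; if the core policy class stores entries in a list and joins them with spaces this happens to emit a valid `object-src 'self' blob:`, but any future per-entry validation or quoting would silently break it. Add the sources as separate calls, `$csp->addAllowedObjectDomain('\'self\'');` and `$csp->addAllowedObjectDomain('blob:');`, and check whether `'self'` is already the default for object-src and frame-src in the core `ContentSecurityPolicy`, in which case the two `'self'` additions are redundant. The comment `// Required to support PDF Viewer` should also record the trade-off being accepted, e.g. `// PDF viewer embeds the document via a blob: URL; blob: in object-src lets any script on this page embed script-created blobs, so this stays scoped to index.html`. Most of the hunk is a whitespace-only reindent of unchanged lines (getFile itself starts before the hunk), which hides the two real additions; consider moving the reindent to a separate commit.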