diff --git a/roles/datagrepper/templates/datagrepper-fedmsg.py b/roles/datagrepper/templates/datagrepper-fedmsg.py
index c6f0989b92..e8a9246319 100644
--- a/roles/datagrepper/templates/datagrepper-fedmsg.py
+++ b/roles/datagrepper/templates/datagrepper-fedmsg.py
@@ -17,4 +17,8 @@ config = {
 'fedmenu_url': 'https://apps.fedoraproject.org/fedmenu',
 'fedmenu_data_url': 'https://apps.fedoraproject.org/js/data.js',
 {% endif %}
+
+ # Only allow ajax/websockets connections back to our domains.
+ # https://github.com/fedora-infra/datagrepper/pull/192
+ 'content_security_policy': 'connect-src https://*.fedoraproject.org wss://*.fedoraproject.org'
 }
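Review bot: The added `content_security_policy` value sets only `connect-src`, so with no `default-src` or `script-src` it limits where XHR/fetch/WebSocket requests may go but places no restriction on script, frame or object sources; the comment above it should say so, e.g. `# connect-src only: script, style and frame sources are not restricted by this policy.` The `*.fedoraproject.org` wildcard admits every subdomain rather than just the hosts the UI talks to, and it does not match the bare `fedoraproject.org` or the serving origin if that lies outside the domain, so listing the known endpoints (or `'self'` plus the websocket host) would be tighter. The new entry also has no trailing comma, unlike the entries before it, so the next key or `{% if %}` block appended after it becomes a syntax error; end the line with `,`. The `config` dict opens above the hunk, so how datagrepper consumes this key is not visible here.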