diff --git a/invenio.cfg b/invenio.cfg
index 4fb295d..b064101 100644
--- a/invenio.cfg
+++ b/invenio.cfg
@@ -107,6 +107,8 @@ APP_DEFAULT_SECURE_HEADERS = {
             "data:", # for fonts
             "'unsafe-inline'", # for inline scripts and styles
             "blob:", # for pdf preview
+            "fly.storage.tigris.dev", # for S3 object storage
+            "s3.eu-central-1.amazonaws.com", # for S3 object storage
             # Add your own policies here (e.g. analytics)
         ],
         "img-src": [
@@ -190,9 +192,7 @@ FILES_REST_STORAGE_FACTORY='invenio_s3.s3fs_storage_factory'
 S3_ENDPOINT_URL='http://localhost:9000/'
 S3_ACCESS_KEY_ID='CHANGE_ME'
 S3_SECRET_ACCESS_KEY='CHANGE_ME'
-
-# content-security-policy for S3
-APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append(S3_ENDPOINT_URL)
+S3_REGION_NAME='us-east-1'
 
 # Invenio-Records-Resources
 # =========================