diff --git a/Kyoo/Controllers/FileManager.cs b/Kyoo/Controllers/FileManager.cs
index 533045c3..3fd3cf75 100644
--- a/Kyoo/Controllers/FileManager.cs
+++ b/Kyoo/Controllers/FileManager.cs
@@ -20,6 +20,7 @@ namespace Kyoo.Controllers
 				_provider.Mappings[".mkv"] = "video/x-matroska";
 				_provider.Mappings[".ass"] = "text/x-ssa";
 				_provider.Mappings[".srt"] = "application/x-subrip";
+				_provider.Mappings[".m3u8"] = "application/x-mpegurl";
 			}
 
 			if (_provider.TryGetContentType(path, out string contentType))
diff --git a/Kyoo/Startup.cs b/Kyoo/Startup.cs
index dc28f787..165db8cd 100644
--- a/Kyoo/Startup.cs
+++ b/Kyoo/Startup.cs
@@ -197,7 +197,7 @@ namespace Kyoo
 				ctx.Response.Headers.Remove("X-Powered-By");
 				ctx.Response.Headers.Remove("Server");
 				ctx.Response.Headers.Add("Feature-Policy", "autoplay 'self'; fullscreen");
-				ctx.Response.Headers.Add("Content-Security-Policy", "default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com");
+				ctx.Response.Headers.Add("Content-Security-Policy", "default-src 'self' blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com");
 				ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
 				ctx.Response.Headers.Add("Referrer-Policy", "no-referrer");
 				ctx.Response.Headers.Add("Access-Control-Allow-Origin", "null");
diff --git a/transcoder b/transcoder
index 7bd7e526..ffb51f20 160000
--- a/transcoder
+++ b/transcoder
@@ -1 +1 @@
-Subproject commit 7bd7e526ee2b489f8674b9f779a11e8ae4959f30
+Subproject commit ffb51f20fad0e19747a1515b0aaa2d1e43abc573