diff --git a/lib/Controller/AppController.php b/lib/Controller/AppController.php
index db37e3b0..6dd88fdc 100644
--- a/lib/Controller/AppController.php
+++ b/lib/Controller/AppController.php
@@ -32,6 +32,7 @@
 use OCP\IConfig;
 use OCP\IInitialStateService;
 use OCP\IRequest;
+use OCP\AppFramework\Http\FeaturePolicy;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Controller;
 
@@ -63,6 +64,12 @@ public function index() {
 		$csp->addAllowedFrameDomain($this->request->getServerHost());
 		$response->setContentSecurityPolicy($csp);
 
+		$featurePolicy = new FeaturePolicy();
+		$featurePolicy->addAllowedCameraDomain('\'self\'');
+		$featurePolicy->addAllowedMicrophoneDomain('\'self\'');
+
+		$response->setFeaturePolicy($featurePolicy);
+
 		return $response;
 	}
 }
diff --git a/lib/Controller/StaticController.php b/lib/Controller/StaticController.php
index ad22c7cb..fe66d77e 100644
--- a/lib/Controller/StaticController.php
+++ b/lib/Controller/StaticController.php
@@ -30,6 +30,7 @@
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OCA\RiotChat\FileResponse;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\FeaturePolicy;
 use OCP\AppFramework\Http\NotFoundResponse;
 use OCP\Files\IMimeTypeDetector;
 use OCP\IConfig;
@@ -162,6 +163,12 @@ private function createFileResponseWithContent(string $path, string $content, $c
 
 		$response->setContentSecurityPolicy($csp);
 
+		$featurePolicy = new FeaturePolicy();
+		$featurePolicy->addAllowedCameraDomain('\'self\'');
+		$featurePolicy->addAllowedMicrophoneDomain('\'self\'');
+
+		$response->setFeaturePolicy($featurePolicy);
+
 		return $response;
 	}
 
diff --git a/templates/index.php b/templates/index.php
index 12f25e6f..bc42cd80 100644
--- a/templates/index.php
+++ b/templates/index.php
@@ -3,5 +3,5 @@
 script('riotchat', 'main');
 ?>
 
-<iframe id="riot-iframe" scrolling="no"></iframe>
+<iframe id="riot-iframe" scrolling="no" allow="camera; microphone; display-capture"></iframe>