diff --git a/storage/blob.py b/storage/blob.py
index 0de6734..0954a15 100644
--- a/storage/blob.py
+++ b/storage/blob.py
@@ -82,7 +82,7 @@ def get_info(self, name):
 raise FileNotFoundError(f"The file {name} doesn't exist")
 # save the prefix for later use
- self._prefix = data["blobs"][0]["url"].removeprefix(name).rstrip("/").removeprefix(self.folder).rstrip("/")
+ self._prefix = data["blobs"][0]["url"].removesuffix(name).rstrip("/").removesuffix(self.folder).rstrip("/")
 return data["blobs"][0]
 def url(self, name):
diff --git a/website/settings/security.py b/website/settings/security.py
index 11c9d09..af8edae 100644
--- a/website/settings/security.py
+++ b/website/settings/security.py
@@ -2,6 +2,8 @@
 import re
 from urllib.parse import quote, urlparse
+from django.core.files.storage import default_storage
+from django.utils.functional import lazy
 from django.utils.translation import gettext_lazy as _
 from .env import DEBUG, PRODUCTION, SENTRY_DSN, SENTRY_SDK
@@ -40,6 +42,10 @@
 "https://hcaptcha.com",
 "https://*.hcaptcha.com",
 ],
+ "img-src": [
+ "self",
+ lazy(lambda: getattr(default_storage, "_prefix", "")),
+ ],
 "style-src": [
 "self",
 "https://cdn.jsdelivr.net",
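Review bot: In the `self._prefix = ...` line of `get_info`, `removesuffix(name)` and `removesuffix(self.folder)` return the string unchanged when the URL does not literally end with those values (for instance if the service returns the name percent-encoded), so `_prefix` can silently become the full blob URL. This matters more after this commit because `website/settings/security.py` now places `_prefix` in the `img-src` CSP directive, where a value taken from a storage API response should be checked before use. With `url = data["blobs"][0]["url"]`, consider a guard such as `if not url.endswith(name): raise ValueError("unexpected blob URL")` before deriving the prefix, plus a comment on the assignment like `# also used as the CSP img-src source; must be a bare URL prefix with no spaces or ';'`. `get_info` begins above the hunk, so whether `name` is already normalised there is not visible.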
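Review bot: In the new `img-src` entry, `lazy()` is given no result class and the function it returns is never called, so the list holds a plain callable rather than a lazy string; unless the code that renders this policy (not in the hunk) calls its entries, the source will not resolve to the storage prefix. Django's form for a lazily evaluated string is `lazy(lambda: getattr(default_storage, "_prefix", ""), str)()`. Separately, `_prefix` is a private attribute that `get_info` sets only after a lookup, so the entry is an empty string until then and afterwards depends on what the storage API returned. A comment such as `# storage prefix is learned at runtime in get_info(); empty until the first lookup` would make that visible, and a fixed origin taken from configuration would keep the policy auditable. The dict this entry belongs to starts and ends outside the hunk.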