diff --git a/lib/defaults.js b/lib/defaults.js
index a4a2a847e..e6653cdea 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -32,7 +32,7 @@ Default.commonCSP = function (domain, sandbox) {
 
         // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
         "frame-ancestors *",
-        "worker-src 'self'" + domain + sandbox,
+        "worker-src 'self'", // + domain + sandbox,
         ""
     ];
 };
diff --git a/www/checkup/main.js b/www/checkup/main.js
index a80939677..0ffb22237 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -1000,7 +1000,7 @@ define([
                 'img-src': ["'self'", 'data:', 'blob:', $outer],
                 'media-src': ['blob:'],
                 //'frame-ancestors': ['*'], // XXX IFF you want to support remote embedding
-                'worker-src': ["'self'", $outer, $sandbox],
+                'worker-src': ["'self'"], // , $outer, $sandbox],
             });
             cb(result);
         });
@@ -1037,7 +1037,7 @@ define([
                 'img-src': ["'self'", 'data:', 'blob:', $outer],
                 'media-src': ['blob:'],
                 //'frame-ancestors': ['*'], // XXX IFF you want to support remote embedding
-                'worker-src': ["'self'", $outer, $sandbox],
+                'worker-src': ["'self'"],//, $outer, $sandbox],
             });
 
             cb(result);