diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml
index 7c5c217c7..286922e87 100644
--- a/roles/matrix-grafana/defaults/main.yml
+++ b/roles/matrix-grafana/defaults/main.yml
@@ -3,7 +3,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 7.5.7
+matrix_grafana_version: 8.0.0
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 
@@ -38,11 +38,11 @@ matrix_grafana_default_admin_password: admin
 matrix_grafana_content_security_policy: true
 
 # specify content security policy template to customized template
-# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.
 # added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
 # [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/)
 # [Content Security Policy Reference](https://content-security-policy.com/script-src/)
 matrix_grafana_content_security_policy_customized: true
+matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"
 
 # A list of extra arguments to pass to the container
 matrix_grafana_container_extra_arguments: []
diff --git a/roles/matrix-grafana/templates/grafana.ini.j2 b/roles/matrix-grafana/templates/grafana.ini.j2
index 322762b42..8f4c88f08 100644
--- a/roles/matrix-grafana/templates/grafana.ini.j2
+++ b/roles/matrix-grafana/templates/grafana.ini.j2
@@ -13,7 +13,7 @@ content_security_policy = "{{ matrix_grafana_content_security_policy }}"
 
 # specify content security policy template to customized template
 {% if matrix_grafana_content_security_policy_customized %}
-content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
+content_security_policy_template = """{{ matrix_grafana_content_security_policy_template }}"""
 {% endif %}
 
 [auth.anonymous]