diff --git a/.ruby-version b/.ruby-version
index 94ff29c..0aec50e 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.1.1
+3.1.4
diff --git a/Dockerfile.production b/Dockerfile.production
index 3f34831..20379ae 100644
--- a/Dockerfile.production
+++ b/Dockerfile.production
@@ -30,8 +30,8 @@ RUN rm /etc/nginx/sites-enabled/default
 RUN mkdir -p $HOME
 WORKDIR $HOME
 
-RUN bash -lc 'rvm install ruby-3.1.1'
-RUN bash -lc 'rvm --default use ruby-3.1.1'
+RUN bash -lc 'rvm install ruby-3.1.4'
+RUN bash -lc 'rvm --default use ruby-3.1.4'
 
 RUN gem install bundler -v 2.4.10
 
diff --git a/Gemfile b/Gemfile
index 2acbb77..6728566 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@ DECIDIM_VERSION = { git: 'https://github.com/decidim/decidim', tag: 'v0.28.0' }.
 
 source "https://rubygems.org"
 
-ruby '3.1.1'
+ruby '3.1.4'
 
 
 gem "decidim", DECIDIM_VERSION
diff --git a/Gemfile.lock b/Gemfile.lock
index 46121c1..b66bfee 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -820,6 +820,7 @@ GEM
 
 PLATFORMS
   arm64-darwin-21
+  arm64-darwin-23
   x86_64-linux
 
 DEPENDENCIES
@@ -844,7 +845,7 @@ DEPENDENCIES
   web-console
 
 RUBY VERSION
-   ruby 3.1.1p18
+   ruby 3.1.4p223
 
 BUNDLED WITH
    2.4.10
diff --git a/config/initializers/decidim.rb b/config/initializers/decidim.rb
index 00eeda9..0aca47c 100644
--- a/config/initializers/decidim.rb
+++ b/config/initializers/decidim.rb
@@ -36,6 +36,17 @@
 
   # Defines the social networking services used for social sharing
   config.social_share_services = %w(X Facebook WhatsApp Telegram)
+
+  config.content_security_policies_extra = {
+    "default-src" => %w('self' 'unsafe-inline'),
+    "script-src" => %w('self' 'unsafe-inline' 'unsafe-eval'),
+    "style-src" => %w('self' 'unsafe-inline'),
+    "img-src" => %w('self' *.hereapi.com data: *.amazonaws.com),
+    "font-src" => %w('self'),
+    "connect-src" => %w('self' *.hereapi.com *.jsdelivr.net *.amazonaws.com),
+    "frame-src" => %w('self' *.youtube.com www.youtube-nocookie.com player.vimeo.com *.google.com *.airtable.com *.flourish.studio),
+    "media-src" => %w('self')
+  }
 end
 
 # Inform Decidim about the assets folder