diff --git a/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch b/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch
new file mode 100644
index 0000000..eba7c0c
--- /dev/null
+++ b/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch
@@ -0,0 +1,33 @@
+ lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
+ lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php    | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+index 85ae127f5f..91618a09fc 100644
+--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
++++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager {
+ 	 * @return bool
+ 	 */
+ 	public function browserSupportsCspV3() {
++		// YunoHost patch: disable CSPv3 nonces to:
++		// - avoid white page on first login from YunoHost portal
++		// - allow YunoHost tile display
++		return false;
+ 		$browserWhitelist = [
+ 			Request::USER_AGENT_CHROME,
+ 			// Firefox 45+
+diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+index 64d4eb6e5d..59d5885620 100644
+--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
++++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy {
+ 
+ 		if(!empty($this->allowedFontDomains)) {
+ 			$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
+-			$policy .= ';';
++			// YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
++			$policy .= ' data:;';
+ 		}
+ 
+ 		if(!empty($this->allowedConnectDomains)) {