diff --git a/apps/red-ui/src/app/modules/file-preview/components/pdf-viewer/pdf-viewer.component.ts b/apps/red-ui/src/app/modules/file-preview/components/pdf-viewer/pdf-viewer.component.ts
index 03ed3c9e6..72fa76200 100644
--- a/apps/red-ui/src/app/modules/file-preview/components/pdf-viewer/pdf-viewer.component.ts
+++ b/apps/red-ui/src/app/modules/file-preview/components/pdf-viewer/pdf-viewer.component.ts
@@ -552,13 +552,19 @@ export class PdfViewerComponent extends AutoUnsubscribe implements OnInit, OnCha
         return entry;
     }
 
-    private _loadDocument(blob: Blob, file: File) {
+    private async _loadDocument(blob: Blob, file: File) {
         const onError = () => {
             this._loadingService.stop();
             this._errorService.set(DocLoadingError);
             this.stateService.reloadBlob();
         };
-        this.instance.UI.loadDocument(blob, { filename: file?.filename + '.pdf' ?? 'document.pdf', onError });
+
+        const pdfNet = this.instance.Core.PDFNet;
+
+        await pdfNet.initialize(environment.licenseKey ? atob(environment.licenseKey) : null);
+        const document = await pdfNet.PDFDoc.createFromBuffer(await blob.arrayBuffer());
+        await document.flattenAnnotations(false);
+        this.instance.UI.loadDocument(document, { filename: file?.filename + '.pdf' ?? 'document.pdf', onError });
         this._pageRotationService.clearRotationsHideActions();
     }
 
diff --git a/docker/common/nginx/nginx.conf b/docker/common/nginx/nginx.conf
index 4c51b152e..73661a583 100644
--- a/docker/common/nginx/nginx.conf
+++ b/docker/common/nginx/nginx.conf
@@ -6,7 +6,7 @@ server {
   root /usr/share/nginx/html;
   # SSL stuff for cloudflare proxy-ing - ignores SSL certificate and uses SNI
 
-  add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'blob' data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
+  add_header Content-Security-Policy "default-src 'self'; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: blob: 'unsafe-inline'; script-src-attr 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:";
 
   proxy_ssl_verify off;
   proxy_read_timeout 1m;