diff --git a/patches/protonmail/captcha-3.patch b/patches/protonmail/captcha-3.patch
index bb8cdb5ed..d17626683 100644
--- a/patches/protonmail/captcha-3.patch
+++ b/patches/protonmail/captcha-3.patch
@@ -1,12 +1,53 @@
 diff --git a/packages/components/containers/api/humanVerification/Captcha.tsx b/packages/components/containers/api/humanVerification/Captcha.tsx
-index af1defc99..cbf37a9a3 100644
+index af1defc99..52b9928a2 100644
 --- a/packages/components/containers/api/humanVerification/Captcha.tsx
 +++ b/packages/components/containers/api/humanVerification/Captcha.tsx
-@@ -11,6 +11,7 @@ const getIframeUrl = (token: string, theme?: CaptchaTheme) => {
+@@ -4,6 +4,7 @@ import { getApiSubdomainUrl } from '@proton/shared/lib/helpers/url';
+ import { Loader } from '../../../components/loader';
+ import { CaptchaTheme } from './interface';
+
++/* electron-mail mark */
+ const getIframeUrl = (token: string, theme?: CaptchaTheme) => {
+     const url = getApiSubdomainUrl('/core/v4/captcha');
+     url.searchParams.set('Token', token);
+@@ -11,8 +12,10 @@ const getIframeUrl = (token: string, theme?: CaptchaTheme) => {
      if (theme === 'dark') {
          url.searchParams.set('Dark', 'true');
      }
 +    url.protocol = "https:";
      return url;
  };
++/* electron-mail mark */
+
+ interface Props {
+     token: string;
+
+diff --git a/packages/shared/lib/helpers/url.ts b/packages/shared/lib/helpers/url.ts
+index c2fbd33da..d0c274c8c 100644
+--- a/packages/shared/lib/helpers/url.ts
++++ b/packages/shared/lib/helpers/url.ts
+@@ -175,13 +175,16 @@ export const getSecondLevelDomain = (hostname: string) => {
+     return hostname.substr(hostname.indexOf('.') + 1);
+ };
+
++/* electron-mail mark */
+ export const getRelativeApiHostname = (hostname: string) => {
+     const idx = hostname.indexOf('.');
+     const first = hostname.substr(0, idx);
+     const second = hostname.substr(idx + 1);
+     return `${first}-api.${second}`;
+ };
++/* electron-mail mark */
+
++/* electron-mail mark */
+ export const getApiSubdomainUrl = (pathname: string) => {
+     const url = new URL('/', window.location.origin);
+     if (url.hostname === 'localhost') {
+@@ -192,6 +195,7 @@ export const getApiSubdomainUrl = (pathname: string) => {
+     url.pathname = pathname;
+     return url;
+ };
++/* electron-mail mark */
 
+ export const getAppUrlFromApiUrl = (apiUrl: string, appName: APP_NAMES) => {
+     const { subdomain } = APPS_CONFIGURATION[appName];
diff --git a/src/electron-main/web-request/index.ts b/src/electron-main/web-request/index.ts
index bde04d2bd..b78e213eb 100644
--- a/src/electron-main/web-request/index.ts
+++ b/src/electron-main/web-request/index.ts
@@ -224,6 +224,18 @@ export function initWebRequestListenersByAccount(
                 patchCorsResponseHeaders(responseHeaders, corsProxy);
             }
 
+            if (new URL(details.url).pathname === "/core/v4/captcha") {
+                for (const headerName of Object.keys(responseHeaders)) {
+                    const headerValues = responseHeaders[headerName];
+                    if (headerName.toLowerCase() !== "content-security-policy" || !headerValues) {
+                        continue;
+                    }
+                    responseHeaders[headerName] = headerValues.map((headerValue) => {
+                        return headerValue.replace(/(frame-ancestors|report-uri|report-to)[\s]+([^;]*)[;]?/gi, "");
+                    });
+                }
+            }
+
             patchSameSiteCookieRecord(responseHeaders);
 
             callback({responseHeaders});