diff --git a/typo3/sysext/core/Classes/Controller/FileDumpController.php b/typo3/sysext/core/Classes/Controller/FileDumpController.php
index 99a060d4d5c1ac66589a349f08363be5d2202f28..0951fe6c75b97b709ae870498f78e4a625fe1547 100644
--- a/typo3/sysext/core/Classes/Controller/FileDumpController.php
+++ b/typo3/sysext/core/Classes/Controller/FileDumpController.php
@@ -240,9 +240,13 @@ class FileDumpController
     {
         $extension = PathUtility::pathinfo($file->getName(), PATHINFO_EXTENSION);
         // same as in `typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess`
-        $policy = $extension === 'pdf' || $response->getHeaderLine('content-type') === 'application/pdf'
-            ? "default-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'self'; plugin-types application/pdf;"
-            : "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';";
+        if ($extension === 'pdf' || $response->getHeaderLine('content-type') === 'application/pdf') {
+            $policy = "default-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'self'; plugin-types application/pdf;";
+        } elseif ($extension === 'svg' || $response->getHeaderLine('content-type') === 'image/svg+xml') {
+            $policy = "default-src 'self'; script-src 'none'; style-src 'unsafe-inline'; object-src 'none';";
+        } else {
+            $policy = "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';";
+        }
         return $response->withAddedHeader('content-security-policy', $policy);
     }
 }
diff --git a/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess b/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess
index 5f660d0c6066a10a816f1f7f1744f1026fbe9062..ec06e6b34528644a3777c2c0539b201fcb150341 100644
--- a/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess
+++ b/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess
@@ -7,8 +7,12 @@
     <FilesMatch "\.pdf$">
         Header set Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'self'; plugin-types application/pdf;"
     </FilesMatch>
+    # matching requested *.svg files only (allows using inline styles when serving SVG files)
+    <FilesMatch "\.svg">
+        Header set Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'unsafe-inline'; object-src 'none';"
+    </FilesMatch>
     # matching anything else, using negative lookbehind pattern
-    <FilesMatch "(?<!\.pdf)$">
+    <FilesMatch "(?<!\.(?:pdf|svg))$">
         Header set Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';"
     </FilesMatch>