diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index 6127446ad..026dde008 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -186,7 +186,7 @@ pub async fn create_https_server(
             "frame-ancestors 'none'; ",
             "img-src 'self' data:; ",
             "worker-src 'none'; ",
-            "script-src 'self'{};",
+            "script-src 'self' 'unsafe-eval'{};",
         ),
         js_checksums
     );