diff --git a/web/middleware.ts b/web/middleware.ts
index 3fee535ea4..b5e3104508 100644
--- a/web/middleware.ts
+++ b/web/middleware.ts
@@ -33,7 +33,7 @@ export function middleware(request: NextRequest) {
   const cspHeader = `
     default-src 'self' ${scheme_source} ${csp} ${whiteList};
     connect-src 'self' ${scheme_source} ${csp} ${whiteList};
-    script-src 'self' ${scheme_source} ${csp} ${whiteList};
+    script-src 'self' 'wasm-unsafe-eval' ${scheme_source} ${csp} ${whiteList};
     style-src 'self' 'unsafe-inline' ${scheme_source} ${whiteList};
     worker-src 'self' ${scheme_source} ${csp} ${whiteList};
     media-src 'self' ${scheme_source} ${csp} ${whiteList};
@@ -56,6 +56,7 @@ export function middleware(request: NextRequest) {
     contentSecurityPolicyHeaderValue,
   )
 
+  response.headers.set('x-nonce', nonce)
   response.headers.set(
     'Content-Security-Policy',
     contentSecurityPolicyHeaderValue,