diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 0212b9d9507b7ca1df11a7c9b007e7c1242461dc..6b62e6f337f24398ca7e6bdee3ac3a61bd9fa030 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -36,7 +36,7 @@ Rails.application.config.content_security_policy do |p|
     p.worker_src  :self, :blob, assets_host
   else
     p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
-    p.script_src  :self, assets_host, "'unsafe-wasm-eval'"
+    p.script_src  :self, assets_host, "'wasm-unsafe-eval'"
     p.child_src   :self, :blob, assets_host
     p.worker_src  :self, :blob, assets_host
   end