1 files changed, 7 insertions, 3 deletions

diff --git a/test/haketilo_test/unit/test_policy_enforcing.py b/test/haketilo_test/unit/test_policy_enforcing.py
index bbc3eb9..4bc6470 100644
--- a/test/haketilo_test/unit/test_policy_enforcing.py
+++ b/test/haketilo_test/unit/test_policy_enforcing.py
@@ -31,15 +31,19 @@ nonce = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
 allow_policy = {'allow': True}
 block_policy = {
     'allow': False,
-    'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none'; script-src-elem 'none'; frame-src http://* https://*;"
+    'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none' 'unsafe-eval'; script-src-elem 'none'; frame-src http://* https://*;"
 }
 payload_policy = {
     'mapping': 'somemapping',
     'payload': {'identifier': 'someresource'},
-    'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}'; script-src-elem 'nonce-{nonce}';"
+    'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}' 'unsafe-eval'; script-src-elem 'nonce-{nonce}';"
 }
 
-content_script = load_script('content/policy_enforcing.js') + ''';{
+def content_script():
+    return load_script('content/policy_enforcing.js') + \
+        content_script_appended_code
+
+content_script_appended_code = ''';{
 const smuggled_what_to_do = /^[^#]*#?(.*)$/.exec(document.URL)[1];
 const what_to_do = smuggled_what_to_do === "" ? {policy: {allow: true}} :
                    JSON.parse(decodeURIComponent(smuggled_what_to_do));