diff --git a/README.md b/README.md
index f70cc48..dbeadaa 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,7 @@ X-Frame-Options "DENY";
 ```
 A working Content Security Policy looks like that:
 ```
-Content-Security-Policy "img-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'none';";
+Content-Security-Policy "img-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'wasm-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'none';";
 ```
 
 ## Development
diff --git a/main.js b/main.js
index 94d4352..a1f76e8 100644
--- a/main.js
+++ b/main.js
@@ -213,7 +213,7 @@ function createJitsiMeetWindow() {
         minHeight: 600,
         show: false,
         webPreferences: {
-            enableBlinkFeatures: 'RTCInsertableStreams,WebAssemblySimd',
+            enableBlinkFeatures: 'RTCInsertableStreams,WebAssemblySimd,WebAssemblyCSP',
             enableRemoteModule: true,
             contextIsolation: false,
             nativeWindowOpen: true,