Wasm code generation disallowed by embedder in Chrome

问题

I am embedding a WebGL game built in Unity on my web app built in Flask. I use a CSP for security purposes on the backend but even after including the wasm-eval directive in my CSP, I continue to get these errors only in Chrome:

UnityLoader.js:4 failed to asynchronously prepare wasm: CompileError: WebAssembly.instantiate(): Wasm code generation disallowed by embedder

printErr @ UnityLoader.js:4
UnityLoader.js:4 CompileError: WebAssembly.instantiate(): Wasm code generation disallowed by embedder
    at blob:http://localhost:5000/510c750f-1181-4d80-926f-dc71e527c16b:8:31195

Uncaught (in promise) abort({}) at Error
    at jsStackTrace (blob:http://localhost:5000/cd04e961-d5f5-490c-8869-fbc73dd40aa4:8:22295)
    at Object.stackTrace (blob:http://localhost:5000/cd04e961-d5f5-490c-8869-fbc73dd40aa4:8:22466)
    at Object.onAbort (http://localhost:5000/static/desert_run/Build/UnityLoader.js:4:11118)
    at abort (blob:http://localhost:5000/cd04e961-d5f5-490c-8869-fbc73dd40aa4:8:446869)
    at blob:http://localhost:5000/cd04e961-d5f5-490c-8869-fbc73dd40aa4:8:31316

I am not sure what I need to fix, and the unsafe-eval directive for script-src doesn't work either. Here is my CSP and the code I use in _init_.py to implement it on the backend:

from flask import Flask, url_for, current_app
from flask_talisman import Talisman

csp = {
    "default-src": [
        "'self'",
        'https://www.youtube.com',
        'blob:',
        'wasm-eval'
    ],
    'script-src': [ "'self'",
                    'blob:',
                    'wasm-eval',
                    'https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js',
                    'https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js',
                    'https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.2.0/socket.io.js',
                    'https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js']
}
talisman = Talisman()
app = Flask(__name__)

def create_app():
 talisman.init_app(app)
 talisman.content_security_policy = csp
 talisman.content_security_policy_report_uri = "/csp_error_handling"
 return app

来源：https://stackoverflow.com/questions/62763453/wasm-code-generation-disallowed-by-embedder-in-chrome