diff --git a/bedrock/settings/__init__.py b/bedrock/settings/__init__.py
index 1616e66d916..7ee10920f6a 100644
--- a/bedrock/settings/__init__.py
+++ b/bedrock/settings/__init__.py
@@ -129,6 +129,8 @@
 CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["style-src"].remove(csp.constants.UNSAFE_INLINE)
 CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["upgrade-insecure-requests"] = True
 CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["base-uri"] = [csp.constants.NONE]
+ CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["script-src"].remove(csp.constants.UNSAFE_EVAL)
+ CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["script-src"].remove(csp.constants.UNSAFE_INLINE)
 # `CSP_PATH_OVERRIDES` and `CSP_PATH_OVERRIDES_REPORT_ONLY` are mainly for overriding CSP settings
@@ -163,7 +165,11 @@ def _override_csp(csp, append: dict[str, list[str]] = None, replace: dict[str, l
 if csp_ro_report_uri:
 # Path based overrides for report-only CSP.
- CMS_ADMIN_CSP_RO = _override_csp(CONTENT_SECURITY_POLICY_REPORT_ONLY, replace={"frame-ancestors": [csp.constants.SELF]})
+ CMS_ADMIN_CSP_RO = _override_csp(
+ CONTENT_SECURITY_POLICY_REPORT_ONLY,
+ append={"script-src": [csp.constants.UNSAFE_INLINE]},
+ replace={"frame-ancestors": [csp.constants.SELF]},
+ )
 CMS_ADMIN_IMAGES_CSP_RO = _override_csp(CONTENT_SECURITY_POLICY_REPORT_ONLY, append={"img-src": ["blob:"]})
 CSP_PATH_OVERRIDES_REPORT_ONLY = {
diff --git a/webpack.config.js b/webpack.config.js
index 7837cc03e53..059261fa4bb 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -45,6 +45,7 @@ module.exports = {
 path: path.resolve(__dirname, 'assets/'),
 publicPath: '/media/'
 },
+ devtool: 'source-map',
 optimization: {
 minimizer: [
 new TerserPlugin({
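Review bot: The two added `script-src` `.remove(...)` calls raise `ValueError` while the settings module is being imported if the list does not contain the token, so the site fails to start as soon as `'unsafe-eval'` or `'unsafe-inline'` is dropped from whatever policy this report-only list is built from. The existing `style-src` line above has the same shape. A tolerant form keeps the two policies decoupled: `ro = CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]` followed by `ro["script-src"] = [s for s in ro["script-src"] if s not in (csp.constants.UNSAFE_EVAL, csp.constants.UNSAFE_INLINE)]`. The construction of the base list is outside this hunk, so whether both tokens are always present should be confirmed there.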
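Review bot: `CMS_ADMIN_IMAGES_CSP_RO`, directly below the rewritten `CMS_ADMIN_CSP_RO`, is still built from the tightened base without the `script-src` append, so if its paths render the same admin pages they will report every inline script and drown out useful violations. If that is the case, it would need `append={"img-src": ["blob:"], "script-src": [csp.constants.UNSAFE_INLINE]}`. The path mapping in `CSP_PATH_OVERRIDES_REPORT_ONLY` starts at the end of this hunk and is not shown, so this is to be checked against it. Re-allowing `'unsafe-inline'` on the admin surface also deserves a one-line reason above the call, for example `# The CMS admin still relies on inline scripts; keep 'unsafe-inline' here until they are nonced or hashed.`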
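Review bot: `devtool: 'source-map'` is added unconditionally, so every build that uses this config, production included, emits full `.map` files into `assets/` next to the bundles. If the purpose is to stop webpack's eval-based development devtool from tripping a `script-src` without `'unsafe-eval'` (an inference from the CSP change in the same commit), the line should say so, for example `// Avoid eval-based devtools so bundles run under a CSP without 'unsafe-eval'.` It is also worth deciding whether the deployed `/media/` path should serve the maps, and excluding them from the published assets if not.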