diff --git a/deploy/csp/index.js b/deploy/csp/index.js
index 4ce347a10fbce23d2d50acd0ed02f1f4a3e9f9db..851356521254224d517c63c6225dbdf11db6650e 100644
--- a/deploy/csp/index.js
+++ b/deploy/csp/index.js
@@ -3,7 +3,10 @@ const bodyParser = require('body-parser')
 
 let ALLOWED_DEFAULT_SRC, DATA_SRC
 
-const reportOnly = process.env.NODE_ENV !== 'production'
+// TODO bandaid solution
+// OKD/nginx reverse proxy seems to strip csp header
+// without it, testSafari.js will trigger no unsafe eval csp
+const reportOnly = true || process.env.NODE_ENV !== 'production'
 
 try {
   ALLOWED_DEFAULT_SRC = JSON.parse(process.env.ALLOWED_DEFAULT_SRC || '[]')