CSP is a server-side HTTP response header that dictates which resources the browser is allowed to load.
Instead of a global “allow all JS,” consider: unblock javascript