diff --git a/ansible/roles/nginx_site_config/templates/tildes.conf.jinja2 b/ansible/roles/nginx_site_config/templates/tildes.conf.jinja2
index e7a348c..a025e7c 100644
--- a/ansible/roles/nginx_site_config/templates/tildes.conf.jinja2
+++ b/ansible/roles/nginx_site_config/templates/tildes.conf.jinja2
@@ -18,6 +18,9 @@ map $request_uri $csp_header {
 # The CSP for the Stripe donation page:
 # - "https://js.stripe.com" in script-src and frame-src is needed for Stripe
 "~^/donate_stripe$" "default-src 'none'; script-src 'self' https://js.stripe.com; style-src 'self'; img-src 'self' data:; connect-src 'self'; manifest-src 'self'; frame-src 'self' https://js.stripe.com; form-action 'self'; frame-ancestors 'none'; base-uri 'none'";
+ # The CSP for the API explorer Swagger UI:
+ # - "unsafe-inline" in script-src is needed for the script in the template index.html
+ "~^/api/beta/ui$" "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self' data:; connect-src 'self'; manifest-src 'self'; form-action 'self'; frame-ancestors 'none'; base-uri 'none'";
 }
 server {
diff --git a/tildes/tildes/tweens.py b/tildes/tildes/tweens.py
index a4c3879..9031c1f 100644
--- a/tildes/tildes/tweens.py
+++ b/tildes/tildes/tweens.py
@@ -3,7 +3,6 @@
 """Contains Pyramid "tweens", used to insert additional logic into request-handling."""
-import secrets
 from collections.abc import Callable
 from time import time
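Review bot: `'unsafe-inline'` in the script-src of the new `~^/api/beta/ui$` map entry disables the inline-script restriction for that page outright, a broader grant than the per-request nonce the tween removed in tweens.py used to emit. If the inline script in the explorer's template index.html is static, a hash source (`'sha256-<base64 hash of the script body>'`) would permit just that script while keeping the restriction; if it is rendered per request and cannot be hashed, the comment on the new line would be a good place to say so. Since `$request_uri` includes the query string, `/api/beta/ui?anything` falls through to the map's default value rather than this entry — the same holds for the existing Stripe entry, so it may be intended, but it is worth confirming for a UI page that might be linked with parameters. Anything still reading `request.csp_nonce` after the tween's removal is outside this diff.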
@@ -107,35 +106,8 @@ def theme_cookie_tween_factory(handler: Callable, registry: Registry) -> Callabl
 return theme_cookie_tween
-def inject_csp_header_tween_factory(handler: Callable, registry: Registry) -> Callable:
- # pylint: disable=unused-argument
- """Return a tween function that sets a CSP nonce (for Swagger UI)."""
-
- def inject_csp_header_tween(request: Request) -> Response:
- """Generate a CSP nonce and add it to the request and response.
-
- Only apply to specific routes defined here, to minimize performance overhead.
- """
- nonce = None
- route_name = request.matched_route.name if request.matched_route else None
- if route_name == "pyramid_openapi3.explorer":
- nonce = secrets.token_urlsafe(16)
- request.csp_nonce = nonce
-
- response = handler(request)
-
- if nonce:
- response.headers["Content-Security-Policy"] = (
- f"script-src 'self' 'nonce-{nonce}'"
- )
- return response
-
- return inject_csp_header_tween
-
-
 def includeme(config: Configurator) -> None:
 """Attach Tildes tweens to the Pyramid config."""
 config.add_tween("tildes.tweens.http_method_tween_factory")
 config.add_tween("tildes.tweens.metrics_tween_factory")
 config.add_tween("tildes.tweens.theme_cookie_tween_factory")
- config.add_tween("tildes.tweens.inject_csp_header_tween_factory")