diff --git a/muse_for_music/routes.py b/muse_for_music/routes.py
index 956a690..df89594 100644
--- a/muse_for_music/routes.py
+++ b/muse_for_music/routes.py
@@ -5,23 +5,6 @@
 from .user_api import register_user_api
 from .api import register_api
 
-UI_BP = Blueprint("ui_blueprint", __name__, url_prefix="/")
-
-
-@UI_BP.before_request
-def before_requests():
-    nonce = getattr(g, 'nonce', '')
-    if not nonce:
-        g.nonce = token_urlsafe(32)
-
-
-@UI_BP.after_request
-def inject_csp_headers(response: Response):
-    nonce = getattr(g, 'nonce', '')
-    script_nonce = f"'nonce-{nonce}'" if nonce else ""
-    response.headers["Content-Security-Policy"] = f"default-src 'self'; script-src {script_nonce} 'self'; style-src 'self' 'unsafe-inline'"
-    return response
-
 
 def register_routes(app: Flask, flask_static_digest):
 
@@ -33,6 +16,24 @@ def register_routes(app: Flask, flask_static_digest):
         register_debug_routes(app)
 
 
+    UI_BP = Blueprint("ui_blueprint", __name__, url_prefix="/")
+
+
+    @UI_BP.before_request
+    def before_requests():
+        nonce = getattr(g, 'nonce', '')
+        if not nonce:
+            g.nonce = token_urlsafe(32)
+
+
+    @UI_BP.after_request
+    def inject_csp_headers(response: Response):
+        nonce = getattr(g, 'nonce', '')
+        script_nonce = f"'nonce-{nonce}'" if nonce else ""
+        response.headers["Content-Security-Policy"] = f"default-src 'self'; script-src {script_nonce} 'self'; style-src 'self' 'unsafe-inline'"
+        return response
+
+
     @UI_BP.route('/', defaults={'path': ''})
     @UI_BP.route('/<path:path>')
     def index(path: str):
diff --git a/pyproject.toml b/pyproject.toml
index c1f6761..161dc2e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -43,6 +43,14 @@ sphinx-click = "^2.5.0"
 line-length = 90
 include = '\.pyi?$'
 
+[tool.pytest.ini_options]
+pythonpath=[
+    ".",
+]
+testpaths=[
+    "tests",
+]
+
 [tool.sphinx]
 copyright-year = 2021
 enable-autodoc = true