fix(jcasc): use correct CspConfiguration attributes for CSP (#2186)

CspConfiguration only accepts 'enforce' and 'advanced' — not 'header'.
The 'header' attribute caused a fatal UnknownAttributesException at
startup. Replace with enforce: true to enable CSP with Jenkins'
default built-in policy.

Signed-off-by: Bruno Verachten <gounthar@gmail.com>

Author: gounthar

dockerfiles/jenkins.yaml

@@ -42,13 +42,7 @@ credentials:
           username: "jenkins"
 security:
   contentSecurityPolicy:
-    header: >-
-      sandbox allow-same-origin allow-scripts allow-popups allow-forms;
-      default-src 'self';
-      img-src 'self' data:;
-      style-src 'self' 'unsafe-inline';
-      script-src 'self' 'unsafe-inline';
-      font-src 'self';
+    enforce: true
 unclassified:
   location:
     url: "http://127.0.0.1:8080/"