From 67c6e62446a8a924d442fd9b07feaf6756dcc844 Mon Sep 17 00:00:00 2001
From: Bruno Verachten <gounthar@gmail.com>
Date: Tue, 21 Apr 2026 16:10:13 +0200
Subject: [PATCH] fix(jcasc): use correct CspConfiguration attributes for CSP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CspConfiguration only accepts 'enforce' and 'advanced' — not 'header'.
The 'header' attribute caused a fatal UnknownAttributesException at
startup. Replace with enforce: true to enable CSP with Jenkins'
default built-in policy.

Signed-off-by: Bruno Verachten <gounthar@gmail.com>
---
 dockerfiles/jenkins.yaml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/dockerfiles/jenkins.yaml b/dockerfiles/jenkins.yaml
index 4a399a9f..2bbf824a 100644
--- a/dockerfiles/jenkins.yaml
+++ b/dockerfiles/jenkins.yaml
@@ -42,13 +42,7 @@ credentials:
           username: "jenkins"
 security:
   contentSecurityPolicy:
-    header: >-
-      sandbox allow-same-origin allow-scripts allow-popups allow-forms;
-      default-src 'self';
-      img-src 'self' data:;
-      style-src 'self' 'unsafe-inline';
-      script-src 'self' 'unsafe-inline';
-      font-src 'self';
+    enforce: true
 unclassified:
   location:
     url: "http://127.0.0.1:8080/"