Update apache header content-security-policy

[kbrock]

updates:

• object-src https://github.com/ManageIQ/manageiq/pull/23001
• font-src img-src, style-src https://github.com/ManageIQ/manageiq/pull/21822
• connect-src https://github.com/ManageIQ/manageiq-ui-classic/pull/8227
• style-src, script-src: https://github.com/ManageIQ/manageiq/pull/4647

see also:

• https://github.com/ManageIQ/manageiq-pods/pull/1093

[miq-bot]

Checked commit https://github.com/kbrock/manageiq-appliance/commit/269999aa4998048a566fcb5a7f46529d2df0c255 with ruby 2.7.8, rubocop 1.56.3, haml-lint 0.51.0, and yamllint 0 files checked, 0 offenses detected Everything looks fine. :cookie:

[Fryguy]

I don't think these should match, particularly the unsafe-eval and unsafe-inline. We should only make these match where it makes sense for assets for packs retrieval. Let's discuss over voice...I'm not convinced we should do any of these and in fact I'm wondering if we should remove some the original values.

[miq-bot]

This pull request has been automatically marked as stale because it has not been updated for at least 3 months.

If these changes are still valid, please remove the stale label, make any changes requested by reviewers (if any), and ensure that this issue is being looked at by the assigned/reviewer(s).

[miq-bot]

This pull request has been automatically marked as stale because it has not been updated for at least 3 months.

If these changes are still valid, please remove the stale label, make any changes requested by reviewers (if any), and ensure that this issue is being looked at by the assigned/reviewer(s).