Jenkins 1.641 / Jenkins 1.625.3 introduces the Content-Security-Policy header to static files served by Jenkins. This new restrictive header applies the following policies:
`sandbox; default-src 'none'; img-src 'self'; style-src 'self';
`
[Full details here](https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy).

Unsurprisingly, this breaks the display of the Serenity Report when using the [Thucydidies plugin](https://wiki.jenkins-ci.org/display/JENKINS/Thucydides+Plugin), as scripts and CSS used in the report get blocked.

I've had a bash at fixing it with a [pull request](https://github.com/jenkinsci/thucydides-plugin/pull/1) in the same way the cucumber project fixed their plugin.