Fix CSP to allow inline style and refresh

Add filter to all webapps

apps/susimail/src/WEB-INF/web.xml

@@ -3,6 +3,15 @@
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
     "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
 <web-app>
+    <filter>
+        <filter-name>XSSFilter</filter-name>
+        <filter-class>net.i2p.servlet.filters.XSSFilter</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>XSSFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
   <display-name>susimail</display-name>
   <servlet>
     <servlet-name>SusiMail</servlet-name>

apps/susimail/src/src/i2p/susi/webmail/WebMail.java

@@ -1562,7 +1562,7 @@ public class WebMail extends HttpServlet
 		httpRequest.setCharacterEncoding("UTF-8");
 		response.setCharacterEncoding("UTF-8");
                 response.setHeader("X-Frame-Options", "SAMEORIGIN");
-                response.setHeader("Content-Security-Policy", "default-src 'self'");
+                response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
                 response.setHeader("X-XSS-Protection", "1; mode=block");
 		RequestWrapper request = new RequestWrapper( httpRequest );