Fix CSP to allow inline style and refresh

Add filter to all webapps

apps/i2ptunnel/jsp/edit.jsp

@@ -2,7 +2,7 @@
     // NOTE: Do the header carefully so there is no whitespace before the <?xml... line
 
     response.setHeader("X-Frame-Options", "SAMEORIGIN");
-    response.setHeader("Content-Security-Policy", "default-src 'self'");
+    response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
 
 %><%@page pageEncoding="UTF-8"

apps/i2ptunnel/jsp/index.jsp

@@ -6,7 +6,7 @@
         request.setCharacterEncoding("UTF-8");
 
     response.setHeader("X-Frame-Options", "SAMEORIGIN");
-    response.setHeader("Content-Security-Policy", "default-src 'self'");
+    response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
 
 %><%@page pageEncoding="UTF-8"

apps/i2ptunnel/jsp/web.xml

@@ -4,6 +4,15 @@
     "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
 
 <web-app>
+    <filter>
+        <filter-name>XSSFilter</filter-name>
+        <filter-class>net.i2p.servlet.filters.XSSFilter</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>XSSFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <!-- precompiled servlets -->
 
     <!-- yeah we could do this in a handler but this is easier -->

apps/i2ptunnel/jsp/wizard.jsp

@@ -6,7 +6,7 @@
         request.setCharacterEncoding("UTF-8");
 
     response.setHeader("X-Frame-Options", "SAMEORIGIN");
-    response.setHeader("Content-Security-Policy", "default-src 'self'");
+    response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
     response.setHeader("X-XSS-Protection", "1; mode=block");
 
 %><%@page pageEncoding="UTF-8"