Where to install content security policy

I have a Jenkins server that refuses to open some AngularJS based reports correctly and returns the following error in the console:

Refused to load font ' http: // host: 8080 / job / JobName% 20Automated% 20Functional% 20Tests% 20-% 2 ... A-INF / resources / webjars / Semantic-UI / 0.19.0 / packaged / fonts / basic.icons.woff 'because it violates the following content security policy directive: msgstr "default-src" none "Note that' font-src 'was not explicitly set, so' default-src 'is used as a fallback.

The solution was not that hard to find, but I was unable to apply it. So based on numerous other answers, it's on SO:

Jenkins Content Security Policy

Refrain from applying inline style because it violates the following content security policy directive

I need to relax my CSP settings to allow this content. However, I'm not sure where to apply it. Are these CSP settings per page or per server? I believe in Jenkins case the policy should be installed on the underlying server that Jenkins is running? In that case, would I have to set the policy from the command line when I started Jenkins? So something like this?

C: .jenkins> Java -Dhudson.model.DirectoryBrowserSupport.CSP = "script -src 'self' 'unsafe-eval'; object-src 'self'" -jar jenkins.war

but that didn't solve my problem. So I just want to establish if my method of setting the policy is wrong or is the actual policy I am setting is wrong?