When having CSP protection enabled, the script header in GiteePushTrigger#doGenerateSecretToken and GiteePushTrigger#doClearSecretToken cannot be evaluated.

1. Create freestyle job
2. Check "Build when a change is pushed to Gitee."
3. Scroll down, click "Generate" or "Clear" next "Secret Token for Gitee WebHook".

This should be done differently. https://github.com/jenkinsci/jenkins/pull/20345 improves the core implementation to support a CSP-compliant variant of this feature.