Has someone setup content security policy header for Opennms?

I’m configuring some HTTP headers like X-frame via Apache but got stuck at CSP policy.
I have tried:

Content-Security-Policy: default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content

but this breaks OpenNMS. Can someone share me CSP config please.

What breaks?

Few that i found were,

  1. The login page image won’t load
  2. The search function is not working.
  3. The req screen shows “no req” even when there are requistions added.
  4. The service list on add interface is not displayed.