Patching random places in code is problematic. See this gist for an example showing how apps can add custom Content Security Policies: MyCSP app for ownCloud · GitHub
Also see the initial PR: Add public API to give developers the possibility to adjust the global CSP defaults by LukasReschke · Pull Request #21989 · owncloud/core · GitHub