A colleague pointed me towards the issue JENKINS-32118 which showed that the issue was related to Content Security Policy (CSP). The workaround mentioned was to disable csp, however that seemed a bit extreme.
Under RHEL/CentOS you can edit your Jenkins startup configuration to add the option suggested:
# diff /etc/sysconfig/jenkins.orig /etc/sysconfig/jenkins 47c47 < JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true" --- > JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=false"
A restart later and you should be back in business.