node-npm安全性插件helmet
于helmet的csp包:

var csp = require('helmet-csp');
//各类资源文件的白名单配置
app.use(csp({
  directives: {
    defaultSrc: ["'self'", 'default.com'],
    styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com'],
    imgSrc: ['img.com', 'data:'],
    sandbox: ['allow-forms', 'allow-scripts'],
    reportUri: '/report-violation',
    o