Content-Security-Policy (CSP)
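ow-same-origin allow-scripts allow-popups, allow-modals, allow-orientation-lock, allow-pointer-lock, allow-presentation, allow-popups-to-escape-sandbox, and allow-top-navigation policies to permit the corresponding operations

report-uri    /some-report-uri

Directive values

All directives ending in -src can use the following values to define filtering rules. Multiple rules are separated by spaces.

Value    Demo         Description
*        img-src *    Allows URLs from any address, but not including blob: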
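
The `*` behaviour described above, as an added example that is not code from the original page: a simplified JavaScript model of source-list evaluation showing that `img-src *` does not cover a `blob:` URL unless `blob:` is listed explicitly. The function names, the sample URLs, and the restriction to `*` and scheme sources (with `*` taken to cover http(s) and the page's own scheme) are assumptions of this sketch.

```javascript
// Added example (not from the original page). Simplified model of how a
// "-src" source list is evaluated; only "*" and scheme sources ("blob:") are
// handled. Host sources, 'self', 'none', nonces and hashes are out of scope.

// Split a policy string into directive name -> list of source expressions.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence is kept.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Does one source expression match the URL's scheme?
function sourceMatches(expr, urlScheme, pageScheme) {
  if (expr === '*') {
    // "*" covers http(s) and the page's own scheme, not blob:, data:, etc.
    return urlScheme === 'http:' || urlScheme === 'https:' || urlScheme === pageScheme;
  }
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) {
    return expr.toLowerCase() === urlScheme; // scheme source such as "blob:"
  }
  return false; // unsupported expression kinds never match in this sketch
}

// Returns true/false, or null when the policy has no such directive.
function isAllowed(policy, directive, url, pageScheme = 'https:') {
  const sources = parsePolicy(policy).get(directive.toLowerCase());
  if (sources === undefined) return null;
  const urlScheme = new URL(url).protocol; // e.g. "https:" or "blob:"
  return sources.some((expr) => sourceMatches(expr, urlScheme, pageScheme));
}

// Constructed sample inputs.
const BLOB_URL = 'blob:https://app.example/6f1c2d3e-0000-4000-8000-000000000000';
const checks = [
  ['img-src *', 'https://cdn.example/logo.png'],
  ['img-src *', BLOB_URL],
  ['img-src * blob:', BLOB_URL],
];
for (const [policy, url] of checks) {
  console.log(policy, '|', url, '->', isAllowed(policy, 'img-src', url));
}
```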