helmet: a security plugin for Node (npm)
lt.com'],
    styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com'],
    imgSrc: ['img.com', 'data:'],
    sandbox: ['allow-forms', 'allow-scripts'],
    reportUri: '/report-violation',
    objectSrc: [], // An empty array allows nothing through
  }
});

4. Clickjacking

Before discussing clickjacking, you first need to understand the HTML <iframe> tag. Using this tag, one can effectively