Content-Security-Policy (CSP)
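c | 'self' | Defines the filtering policy for page plugins, such as the <object>, <embed> or <applet> elements
media-src | media.example.com | Defines the filtering policy for media, such as the HTML6 <audio> and <video> elements
frame-src | 'self' | Defines the policy for loading child frames
sandbox | allow-forms allow-scripts | Sandbox mode, which blocks page pop-ups, JS execution and so on; you can add allow-forms allow-same-origin allow-scripts allow-popups, allow-modals, allow-orientation-lock, a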
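The following added example (not part of the original page) parses a policy string that uses the media-src, frame-src and sandbox directives listed above and reports which sandbox restrictions the policy lifts. The function names `parseCsp` and `sandboxSummary` and the `SAMPLE` header value are constructed for illustration.

```javascript
// Added example: parse a Content-Security-Policy header value and summarise
// its sandbox directive. SAMPLE below is constructed data, not a real site's policy.

// Sandbox tokens named on this page; the specification defines others as well.
const PAGE_SANDBOX_TOKENS = new Set([
  "allow-forms", "allow-same-origin", "allow-scripts",
  "allow-popups", "allow-modals", "allow-orientation-lock",
]);

// Split a policy into a Map of directive name -> list of values.
// Directive names are case-insensitive, and when a directive is repeated
// only its first occurrence counts (later copies are ignored).
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ';'
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Describe the sandbox directive: a bare "sandbox" applies every restriction,
// and each allow-* token lifts one of them.
function sandboxSummary(policy) {
  if (!policy.has("sandbox")) {
    return { sandboxed: false, lifted: [], notOnPage: [] };
  }
  const tokens = policy.get("sandbox").map((t) => t.toLowerCase());
  return {
    sandboxed: true,
    lifted: tokens.filter((t) => PAGE_SANDBOX_TOKENS.has(t)),
    notOnPage: tokens.filter((t) => !PAGE_SANDBOX_TOKENS.has(t)),
  };
}

// Constructed sample: the second frame-src is a duplicate and is ignored.
const SAMPLE = "media-src media.example.com; frame-src 'self'; " +
  "sandbox allow-forms allow-scripts; frame-src *";

const parsed = parseCsp(SAMPLE);
console.log(Object.fromEntries(parsed));
console.log(sandboxSummary(parsed));
```
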