Content-Security-Policy(csp)
xallow-forms allow-scripts沙盒模式,会阻止页面弹窗/js执行等,你可以通过添加allow-forms allow-same-origin allow-scripts allow-popups, allow-modals, allow-orientation-lock, allow-pointer-lock, allow-presentation, allow-popups-to-escape-sandbox, and allow-top-navigation 策略来放开相应的操作report-uri/some-report-uri指令值所有以-src结尾的指令都可以