violates the following Content Security Policy directive: "default-src 'self'".
Nginx 解决内容安全策略CSP(Content-Security-Policy)配置方式(漏洞修复) - 龙凌云端 - 博客园 (cnblogs.com)
add_header Content-Security-Policy "default-src 'self' sfa8.yashili.cn ynby.oss-cn-shenzhen.aliyuncs.com webapi.amap.com 'unsafe-inline' 'unsafe-eval' blob: data: ;";
标签:src,directive,default,self,Content,Policy,Security From: https://www.cnblogs.com/hixiaowei/p/16808135.html