CSP声明中缺少对象-src、 点击劫持:CSP 帧祖先缺失 问题处理

public/index.html

@@ -5,6 +5,7 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width,initial-scale=1.0">
+  <meta http-equiv="Content-Security-Policy" content="object-src 'none';">
   <title>郑州市土壤环境监管平台</title>
   <link rel="icon" href="<%= BASE_URL %>logo.png">
   <link rel="stylesheet" href="<%= BASE_URL %>mapboxgl/mapbox-gl.css">
@@ -276,6 +277,16 @@
   </style>
   <!-- 全局配置 -->
   <script>
+    //禁止iframe嵌套
+    try {
+      top.location.hostname;
+      if(top.location.hostname !== window.location.hostname) {
+        top.location.href = window.location.href;
+      }
+    } catch(e) {
+      top.location.href = window.location.href;
+    }
+
     window._CONFIG = {};
     var IWSAgent = new IWSAgent();	//初始化
     send();	//校验程序可用