<meta http-equiv="Content-Security-Policy"
content="default-src 'self' data:  http:   'unsafe-eval';
     object-src 'none';
     script-src 'self'    'unsafe-eval'   'unsafe-inline'  https://g.alicdn.com https://cdn.jsdeliver.net  https://cdn.bootcss.com https://suggest.taobao.com   ${csp_script_src} ;
     connect-src * 'self'    'unsafe-eval'   'unsafe-inline'    ${csp_connect_src} ;
     style-src 'self' 'unsafe-inline'  https://cdn.bootcss.com ${csp_style_src};
     media-src   'self'   ${csp_media_src}  ;
     img-src    * 'self'   data:  https://cdn.bootcss.com  ${csp_img_src} ;
     font-src     'self'  data:    https://cdn.bootcss.com  ${csp_font_src} ;
     worker-src  *  'self'   'unsafe-eval' 'unsafe-inline'  blob:   ${csp_worker_src} ;
     manifest-src  'self'    ${csp_manifest_src} ;
  ">
