nginx violates the following Content Security Policy directive: "default-src 'self'".

violates the following Content Security Policy directive: "default-src 'self'". 

Nginx 解决内容安全策略CSP（Content-Security-Policy）配置方式（漏洞修复） - 龙凌云端 - 博客园 (cnblogs.com)

add_header Content-Security-Policy "default-src 'self' sfa8.yashili.cn ynby.oss-cn-shenzhen.aliyuncs.com  webapi.amap.com  'unsafe-inline' 'unsafe-eval' blob: data: ;";