<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">header里面有这样的声明,它的意思就是会在加载 http 资源时自动替换成 https 请求删除它
