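SecurityError: Permission denied to access property "document" on cross-origin object

Time: 2019-07-08 05:01:27

Tags: javascript firefox cors content-security-policy squid

Problem: I get the following error when trying to access the document of a website loaded in an iframe from http://localhost:8080 in Firefox.

Error: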

SecurityError: Permission denied to access property "document" on cross-origin object


JavaScript:

const innerDocument = document.getElementById('frame').contentWindow.document

I read that I need to enable CORS / CSP, so I tried overriding the following response headers in the Squid proxy, but I still get the error:

squid.conf

reply_header_replace Access-Control-Allow-Origin http://localhost:8080
reply_header_replace X-Frame-Options allow-from http://localhost:8080
reply_header_replace X-XSS-Protection 0
reply_header_replace Content-Security-Policy ... frame-ancestors 'self' http://localhost:8080;

(Actual response headers - no Access-Control-Allow-Origin):

HTTP/1.1 200 Connection established
Date: Mon, 08 Jul 2019 04:46:20 GMT
Content-Type: text/html
Last-Modified: Thu, 04 Jul 2019 12:15:37 GMT
X-Frame-Options: allow-from http://localhost:8080
X-XSS-Protection: 0
Content-Security-Policy: default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' http://localhost:8080 http://squid-proxy;
X-Content-Security-Policy: default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' http://localhost:8080 http://squid-proxy;
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
CF-RAY: 4f2f69eac8fd65a3-SYD
Content-Encoding: gzip
X-Cache: MISS from d3fc9f808bad
X-Cache-Lookup: MISS from d3fc9f808bad:3128
Transfer-Encoding: chunked
Connection: keep-alive

Question: Can I override response headers or change a setting in Firefox to bypass this error?

Tools:

0 answers:

No answers
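
Added example, not part of the original question: a small model of the two separate browser checks involved here, showing that the `frame-ancestors` value from the posted headers permits embedding while parent-script access to `contentWindow.document` is decided by origin comparison alone. The framed URL is a placeholder (the question does not name the site), the header values are a trimmed copy of those posted, and `frame-ancestors` matching is simplified to `*`, `'self'` and exact origins.

```javascript
// Added example with constructed inputs; not code from the question.
// FRAME_URL is a placeholder: the question does not name the framed site.
const PARENT_URL = 'http://localhost:8080/index.html';
const FRAME_URL = 'http://framed-site.example/';

// Trimmed copy of the response headers shown in the question.
const RESPONSE_HEADERS = {
  'x-frame-options': 'allow-from http://localhost:8080',
  'content-security-policy':
    "default-src * data: blob:; frame-ancestors 'self' http://localhost:8080 http://squid-proxy;",
};

// Same-origin policy: scheme, host and port must all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Origin of a CSP source expression, or null if it is not a plain URL.
function safeOrigin(source) {
  try { return new URL(source).origin; } catch (e) { return null; }
}

// Source list of one CSP directive, or null if the directive is absent.
function cspDirective(policy, name) {
  for (const part of policy.split(';')) {
    const [directive, ...sources] = part.trim().split(/\s+/);
    if (directive.toLowerCase() === name) return sources;
  }
  return null;
}

// Check 1: may the parent embed the page at all? (frame-ancestors only;
// the X-Frame-Options fallback and wildcard hosts are not modelled.)
function framingAllowed(headers, parentUrl, frameUrl) {
  const sources = cspDirective(headers['content-security-policy'] || '', 'frame-ancestors');
  if (sources === null) return true; // no restriction declared
  const parentOrigin = new URL(parentUrl).origin;
  return sources.some((s) => s === '*' ||
    (s === "'self'" && sameOrigin(parentUrl, frameUrl)) ||
    (!s.startsWith("'") && safeOrigin(s) === parentOrigin));
}

// Check 2: may parent script read contentWindow.document? The CORS and
// framing headers are not inputs to this decision.
function domAccessAllowed(parentUrl, frameUrl) {
  return sameOrigin(parentUrl, frameUrl);
}

console.log({ framing: framingAllowed(RESPONSE_HEADERS, PARENT_URL, FRAME_URL),
              domAccess: domAccessAllowed(PARENT_URL, FRAME_URL) });
```
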