不支持iframe二次嵌套么？

[ShaofeiZi]

复现步骤：简单使用一个<iframe src="http://localhost:7099"></iframe> 将主程序嵌入

保错

DOMException: Blocked a frame with origin "http://localhost:7099" from accessing a cross-origin frame.
    at baseGetTag (http://localhost:7099/main.e31bb0bc.js:32740:48)
    at isFunction (http://localhost:7099/main.e31bb0bc.js:41321:17)
    at Object.get (http://localhost:7099/main.e31bb0bc.js:47228:34)
    at Object.parcelRequire.node_modules/react-dom/lib/ReactDOM.js../ReactDOMComponentTree (eval at exec (http://localhost:7099/main.e31bb0bc.js:27521:11), <anonymous>:22165:48)
    at newRequire (eval at exec (http://localhost:7099/main.e31bb0bc.js:27521:11), <anonymous>:47:24)
    at localRequire (eval at exec (http://localhost:7099/main.e31bb0bc.js:27521:11), <anonymous>:53:14)
    at Object.parcelRequire.node_modules/react-dom/index.js../lib/ReactDOM (eval at exec (http://localhost:7099/main.e31bb0bc.js:27521:11), <anonymous>:22213:18)
    at newRequire (eval at exec (http://localhost:7099/main.e31bb0bc.js:27521:11), <anonymous>:47:24)
    at localRequire (eval at exec (http://localhost:7099/main.e31bb0bc.js:27521:11), <anonymous>:53:14)
    at Object.parcelRequire.index.js.antd/dist/antd.min.css (eval at exec (http://localhost:7099/main.e31bb0bc.js:27521:11), <anonymous>:112700:40)

我了解这是一个安全策略？除了将域统一之外，是否有解？

[ShaofeiZi]

附上重现代码
看起来是csp的锅。但是我配置可能是有问题？

<!doctype html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport"
        content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <meta http-equiv="Content-Security-Policy" content="script-src 'self' 127.0.0.1:* 'unsafe-eval' 'unsafe-inline' ">
  <title>Test</title>
</head>
<body>
    <iframe width="100%" height="300px" src="http://127.0.0.1:7099"></iframe>
</body>
</html>

[kuitos]

fixed and released v1.1.2