Don't most (all?) browsers consider file:// and localhost to be secure for the sake of enabling those features?
https://developer.mozilla.org/en-US/docs/Web/Security/Defens...
Don't most (all?) browsers consider file:// and localhost to be secure for the sake of enabling those features?
https://developer.mozilla.org/en-US/docs/Web/Security/Defens...
Unfortunately, no. CORS will block this on Chrome and Firefox.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/COR...
The security risk : https://www.mozilla.org/en-US/security/advisories/mfsa2019-2...
You need a local webserver. Or bundle everything in one html file.
The devil is in the details though... There are ways to make it work, securely, as I've figured out.