Where should I go to find out why these restrictions apply to
I suppose it'd be a big security issue if you could, from an
https:// URI, read an arbitrary
file:// URI, especially if you're getting raw bytes (like via WASM loading APIs) rather than "just" attempting to interpret the file as HTML, CSS, or JS. But I would think that
file:// requests could (should?) be considered same-origin for CORS.
Similarly, it might make sense to turn off strict MIME checking for
file:// URIs, since the fs doesn't (can't?) set a MIME type. Or maybe have the browser set the MIME type for files via extension, the same way a file serving web server would.
I understand that "load this through
py -m http.server or similar isn't that big of a requirement for developers... except when it is, like for
cargo doc --open/