Explain Codes LogoExplain Codes Logo

How to launch HTML using Chrome at "--allow-file-access-from-files" mode?

html
local-server
security-best-practices
web-development
Nikita BarsukovbyNikita Barsukov·Oct 31, 2024
TLDR

If you wish to open local HTML files with JavaScript file access, you can launch Chrome using the --allow-file-access-from-files flag:

Windows:

chrome.exe --allow-file-access-from-files "file:///C:/path/to/yourfile.html"

Mac/Linux:

google-chrome --allow-file-access-from-files "/path/to/yourfile.html"

Before running these commands, make sure all Chrome instances are closed and adjust the path to match your HTML file.

Using a local server

While --allow-file-access-from-files allows swift debugging and development, it might cause security vulnerabilities.

By default, web documents shouldn't interact with your local file:/// resources. A safer, more effective approach to grant file access is by using a local HTTP server.

Installing a local HTTP server

You can use either http-server with npm or Python's SimpleHTTPServer module as follows:

npm install http-server -g # npm package python -m SimpleHTTPServer # Python package

After navigating to your project directory, you can start serving files:

http-server # Launch the server here and it's party time!

Opening pages in a local server

Your HTML files served through a local server will be available on http://localhost:8000, presented with accurate AJAX calls and CORS handling, resembling a true web environment.

Inescapable usage of the "--allow-file-access-from-files" flag

If using a local server is not an option for your case, and you're sure you want to use --allow-file-access-from-files, do it responsibly:

  1. Verify the path to your Chrome installation. Check this via chrome://version.
  2. Close all instances of Chrome before running the command. Ghosts of Chrome-past can be stubborn!
  3. When running the command, use the correct executable. Sometimes chrome.exe feels too mainstream!

Proceed with caution

Security should be your best friend

--allow-file-access-from-files should be used prudently. Always scrutinise what you're going to test before you dive into the deep end.

Is the flag working as expected?

Don't count your chickens before they hatch! After using the flag, ensure everything works as expected by checking the console for errors in the Chrome DevTools.

Don't leave your backdoor open

After testing, make sure to close Chrome and launch it in standard mode. An excellent cook should always clean the kitchen afterward!