I’m using a local file with a file:// URL and getting a “CORS request not HTTP” error loading a resource with a custom protocol I defined and included in about:config.
This is completely broken behavior, and no amount of security risk from this use case can possibly justify the amount of functionality this eliminates.
The only POSSIBLE risk to this scenario is if someone downloads a file and then loads it locally on a machine on which someone has defined a custom protocol that happens to be exploited in the downloaded file. Basically someone would have to have had complete access to the machine before the file is loaded, so NO AMOUNT OF SECURITY CONSTRAINT IMPOSED BY FIREFOX CAN POSSIBLY SAVE ANYONE FROM ANY RISK IN THIS SCENARIO (because, in case you can’t figure it out, the machine would already have to be completely compromised).
STOP making changes to the app just because you can without reasonably considering whether you actually should!!!
This is so maddening that I am now downgrading to FF 96 (or as far back as it takes) and will NOT be installing any newer release of Firefox until I see proof this idiotic course of development has been rethought.