UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/58.0.3029.110 Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. Trying to get this JS component running locally: http://statgen.github.io/locuszoom/
2. Downloaded https://github.com/statgen/locuszoom/zipball/master, renamed index.html to demo.html and set "online" to false at line 183.
3. Wasted 3 hours figuring out how to disable the bloody CORS
4. I'm not going to disable the web security completely with the --disable-web-security switch for all of my Chromium tabs - I want CORS gone for just a single tab where I do the development. And when CORS is disabled, one file:// resource should be able to reference other file:// resource

What is the expected behavior?
That the bloody javascript component bloody works, and I don't have to run it in python -m SimpleHTTPServer 8000 just to get around the bloody CORS.

What went wrong?
Lots of XMLHttpRequest cannot load file:///home/mavi/Downloads/statgen-locuszoom-7db77fe/locuszoom.css. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.

Did this work before? N/A 

Chrome version: 58.0.3029.110  Channel: stable
OS Version: Ubuntu 17.04 x86-64
Flash Version: