<track> Unsafe attempt to load URL () from frame with URL ()

watch.html:1 Unsafe attempt to load URL file:///C:/subtitle.vtt from frame with URL file:///C:/watch.html. 'file:' URLs are treated as unique security origins.

This is the error I get in Chrome's console when attempting to add the subtitle to the video. The subtitle is working on Internet Explorer without any error message. The code I'm running:

<video controls>
<source src="C:\video.mp4" type="video/mp4">
<track src="C:\subtitle.vtt" kind="subtitles" srclang="en" label="English">
</video>

Solution: The video and subtitle file should be in the same path!

To my understanding of CORSRequestNotHttp:

> <h3>Loading a local file</h3>
>
> Local files from the same directory and subdirectories were
> historically treated as being from the same origin. This meant that a
> file and all its resources could be loaded from a local directory or
> subdirectory during testing, without triggering a CORS error.
>
> Unfortunately this had security implications, as noted in this
> advisory: CVE-2019-11730. Many browsers, including Firefox and Chrome,
> now treat all local files as having opaque origins (by default). As a
> result, loading a local file with included local resources will now
> result in CORS errors.

The only fix today is to set up a local server:

> Developers who need to perform local testing should now set up a local
> server. As all files are served from the same scheme and domain
> (localhost) they all have the same origin, and do not trigger
> cross-origin errors.