Created attachment 309055 [details] A simple html file with XHR to fetch and display http://webkit.org Beginning with Safari Technology Preview release 29, all CORS requests from file:// are blocked unless Disable Local File Restrictions or Disable Cross-Origin Restrictions selected from Develop menu. This behaviour is new, and not present in release versions of Safari or Webkit Nightly r216177. Load attached file in browser to test.
As it turns out the behavior change is intentional. In STP 29 we changed Develop > Disable Local File Restrictions to toggle granting universal access for non-quarantined file URLs. Formerly file URLs for non-quarantined files would be granted universal access by default and Develop > Disable Local File Restrictions did nothing. So, to opt into the old behavior enable Disable Local File Restrictions.
We should update the STP 29 release notes to mention the behavior change.
For Apple employees, see <rdar://problem/30383804> for more details on this change in behavior.
Note that WebKit's behavior for this now matches Chrome and Firefox.