Stop telling users how to disable security

[greggman]

It seems kind of irresponsible to tell users to disable their security to do development. Especially when the alternatives are safe and easy, taking 30 seconds to 2 minutes to setup.

[donmccurdy]

Demo: https://raw.githack.com/mrdoob/three.js/8aee6080fb83c7af0706e3b53f669f691660558d/docs/#manual/en/introduction/How-to-run-things-locally

Note there is still a reference to changing security settings under the Content loaded from external files header.

Personally, I agree that permanently changing a setting in the browser is probably a bad thing for us to recommend. Starting the browser from the CLI in a mode that allows local file access bothers me much less, but if Chrome is the only browser that supports that I'm OK with pulling the section rather than recommending only a single browser.

[mrdoob]

Thanks!

[peteroupc]

It seems to me that this page should explain why it no longer tells about any in-browser command-line options, especially since, especially for Windows users, installing Ruby or Python when they're not used for any other purpose, or setting up a local HTTP server, may be seen as extra hoops to jump through to enable local testing of three.js applications (compared to in-browser command line options). (To be clear, I have no complaints about these extra hoops, but others might.)

[mrdoob]

Another option for Windows users is to install this:

https://chrome.google.com/webstore/detail/web-server-for-chrome/ofhbbkphhbklhfoeikjpcbhemlocgigb

but I think Google was going to deprecate Chrome Apps

[looeee]

extra hoops

These are hoops that anyone who is serious about web development will have to jump through at some point, so they're not unreasonable.

For people who are just starting to experiment, using something like codesandbox.io is probably a better route.