or you could use something like caddy (https reverse-proxy, local cert), and have a dedicated ws running in the background that serves your files

Don't most (all?) browsers consider file:// and localhost to be secure for the sake of enabling those features?

https://developer.mozilla.org/en-US/docs/Web/Security/Defens...