As file:// URLs are considered opaque origins by default, we need to special case them in the allowlist as any opaque origin will not be matched in the allow list.
