I should have clarified - I mean I was wondering if any browsers block fetch to remote URLs from local files

I do vaguely recall encountering some problem I didn't expect when I was making a tool contained in a local html file, but I dont remember which browser I was using at the time

The problem with your scenario is the reading the local files without permission, not the use of the crypto API.

You are right, I'm conflating 2 issues.

I'm pretty sure Brave was blocking window.crypto but can't remember if it was on a file or over plain HTTP

Blocking crypto on http:// is to spec (aside from localhost) and all the browsers do that.

Blocking crypto on file:// is not to spec, and testing above (https://news.ycombinator.com/item?id=34084526) none of the browsers do that.

It's been a while and I don't remember the details.

All I remember is that I was developing the secret 'creator' code using Brave (my default unsecured browser) and at some point I had to switch to Safari (which I normally save for trusted websites only).

It's possible it was a red herring, and I switched browser but the problem was something else I did at the same time.