anything coming out of an xhr request should have a status of 200 & a readystate of 4 if it's been properly received, regardless of origin because the request is going out on the xhr object assuming it's looking to a server. if you're talking about accessing a file on a user's machine, then it's perhaps better to use a cookie instead, or just cache your session or user data in a database, create a webservice or a passthrough page to extract your data from. most browsers will alert the user if the website they're on is attempting to access their machine. most people frown on this. moreover, if the file is already on the user's machine, there's no need to use an xhr for it, the file is already ready to go.
"Want me to precludify him, like some kind of dispatcherator?... Can do!" -Bender