Though I looked at a console in browser and here is the text : ‘null’ has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.
How are you accessing the webpage with the script?
You do just open that via file:// in your browser, or did you place that webpage on a local apache server and access it via http://localhost ? If you use the latter method, I doubt that placing the image file on the desktop will work
Are you sure that the image file is in the folder above the webpage file? If it is in the same folder you should use ./arrow.gltf or simply arrow.gltf
I am also surprised that you run into CORS problems. That indicates that your webpage file with the script and your icon file are residing on different servers. Is that webpage hosted on e.g. Mapbox? Then you have to somehow transfer your image file to the same server, or place it on another webserver that provides the proper CORS headers. In that case you have to use a http-reference to your image.
If your webpage with the script is on a remote server, it can never access an image file on your local disk. You have to make it available via a webserver. If that webpage is on your local machine, and you access it via file:// , your image file can be on your local disk as well.
These are all pretty basic web development concepts, so perhaps you should read up a bit on those concepts.