I'm getting this error in Firefox's Console:
SecurityError: The operation is insecure
Make sure you are following the Same Origin Policy. This means same domain, same subdomain, same protocol (http vs https) and same port.
EDIT: As @robertc aptly pointed out in his comment, some browsers actually implement slightly different security policies when the origin is
file:///. Not to mention you can encounter problems when testing locally with
file:/// when the page expects it is running from a different origin (and so your
pushState assumes production origin scenarios, not localhost scenarios)