HTTP Strict Transport Security🔗
For sites with HSTS enabled, Firefox will not allow adding an exception to allow a self signed certificate.
To work around this:
- Visit a page of your site without
- Close that tab
- Open "History", right click the page you just visited and click "Forget about this site"
- Now start
intervene, and you should be able to add an exception to allow a self signed certificate
intervene automatically strips the HSTS headers off any proxied request, so the browser won't see it as an HSTS site whilst
intervene is running.
Once the browser sees the real server again though, it will add the site to the HSTS list again and you'll need to repeat the above process.
If your site is on the preload list, you can try disabling
about:config, restarting your browser and maybe following the above procedure, but we've not had much luck with this so far. If you have tips or workarounds for this please submit them as issues or PRs to the GitHub project
For Chrome, currently (v81 at time of writing) it still trusts the certificate created and trusted by
intervene, so there is no issue with sites with HSTS headers.