Preconditions

Set up James with SSL certificates in Chrome, as per the wiki instructions.

Steps to reproduce

1. Launch James
2. Launch Chrome from within the James window
3. Go to an HSTS-protected website, such as https://music.amazon.co.uk/

Expected outcome

The site loads and James logs the requests.

Actual outcome

Initially a certificate error is seen, which can be bypassed. However, then an HSTS error is shown that cannot be bypassed.

Fix

If Chrome is launched with the --ignore-certificate-errors option, HSTS errors are not shown.

For example:

/opt/google/chrome/chrome --noerrdialogs --user-data-dir=$HOME/.config/james-browser-launcher/chrome-62.0.3202.94_c4028a23704e5 --ignore-certificate-errors --proxy-server=http://localhost:1338

Hmm, ideally, SSL proxying should work, even if the other site is using HSTS.
Have you imported the certificate into your OS/browser? Maybe your issue is similar to this ticket: greim/hoxy#75 (comment)?

(we're using hoxy within James, so issues with hoxy proxying could be identical to issues with James proxying)

The HSTS part might be interesting since it's a preload. I'll poke around in a bit to see what I can reproduce.

The way I worked around this issue was to follow the same steps here (https://github.com/kdzwinel/betwixt/blob/master/docs/https.md)

The only difference is instead of referencing the betwixt ca.pem file, i used the root-ca.crt.pem file that is generated as part of the HTTPS steps for James. Essentially because the cert isn't added to OSX's keychain access application and set to 'trusted,' Chrome will throw the HSTS errors.

There is no issue here, right?
Then only thing we could do is update our docs to explicitly explain how to set certificates to trusted.

Created a ticket to update docs accordingly at #378