How can I prevent Electron's Chromium from forcing HTTPS on fetch requests?

Reposting this from my StackOverflow question:

From the Electron renderer, I am accessing a local GraphQL endpoint served by a Django instance on my computer, which I’d like to do over HTTP, not HTTPS. But Electron’s Chromium seems to intercept my fetch request and preemptively return a 307 redirect.

So if my fetch request is POST to http://local.myapp.com:3000/v1/graphql, then Chromium returns a 307 and forces a redirect to https://local.myapp.com:3000/v1/graphql, which fails because my server is listening on port 3000 and for my use case I can’t do a local cert for local.myapp.com.

Theoretically the first insecure request should be hitting an nginx docker container listening on port 3000 without any SSL requirement. And nginx is proxying the request to a Hasura container. But I’m not even seeing the requests in the nginx access logs, so I’m pretty sure the request is being intercepted by Chromium.

I believe this StackOverflow comment summarizes well why this is happening: https://stackoverflow.com/a/34213531

Although I don’t recall ever returning a Strict-Transport-Security header from my GraphQL endpoint or Django server.

I have tried the following code without success to turn off this Chromium behavior within my Electron app:

import { app } from 'electron'

app.commandLine.appendSwitch('ignore-certificate-errors')
app.commandLine.appendSwitch('allow-insecure-localhost')
app.commandLine.appendSwitch('ignore-urlfetcher-cert-requests')
app.commandLine.appendSwitch('allow-running-insecure-content')

I have also tried setting the fetch options to include {redirect: 'manual'} and {redirect: 'error'}. I can prevent the redirect but that doesn’t do me any good because I need to make a successful request to the endpoint to get my data.

I tried replacing the native fetch with electron-fetch and cross-fetch but there seems to be no change in behavior when I swap either of those out.

Edit: Also, making the request to my GraphQL outside of Electron with the exact same header and body info works fine (via Insomnia).

So I have a couple of questions:

  1. Is there a way to programmatically view/clear the list of HSTS domains that is being used by Chromium within Electron?
  2. Is there a better way to accomplish what I’m trying to do?

Absent any good solutions, I went ahead and switched to using localhost instead of a custom local domain in order to avoid the issue entirely. Not ideal, but I understand this is probably an edge case that not many people run into so perhaps not worth opening an issue or feature request over.
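
As background for the behaviour described in this post, here is an added example (not part of the original post, and not Electron or Chromium code) that models HSTS matching as specified in RFC 6797: a policy with includeSubDomains noted for a parent domain also covers its subdomains, and the http-to-https rewrite keeps an explicit non-default port. The hostnames and header values are constructed, and `parseHsts`, `HstsStore` and `demo` are hypothetical names.

```javascript
// Added illustration: minimal model of RFC 6797 (HSTS) host matching and URL upgrade.
// All hostnames and header values used here are constructed sample data.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of headerValue.split(';')) {
    const [name, raw = ''] = part.trim().split('=');
    const key = name.trim().toLowerCase();
    if (key === 'max-age') policy.maxAge = parseInt(raw.trim().replace(/^"|"$/g, ''), 10);
    if (key === 'includesubdomains') policy.includeSubDomains = true;
  }
  // max-age is mandatory; a header without a valid one is ignored.
  return Number.isInteger(policy.maxAge) && policy.maxAge >= 0 ? policy : null;
}

class HstsStore {
  constructor() { this.hosts = new Map(); }

  // Record a policy received over HTTPS from `host` at time `nowMs`.
  note(host, headerValue, nowMs) {
    const policy = parseHsts(headerValue);
    if (!policy) return;
    const key = host.toLowerCase();
    if (policy.maxAge === 0) { this.hosts.delete(key); return; } // max-age=0 removes the entry
    const expires = nowMs + policy.maxAge * 1000;
    this.hosts.set(key, { expires, includeSubDomains: policy.includeSubDomains });
  }

  // True on an exact match, or when a parent domain's entry has includeSubDomains.
  applies(host, nowMs) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      if (entry && entry.expires > nowMs && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // URL the client would actually request; an explicit port such as :3000 is preserved.
  upgrade(urlString, nowMs) {
    const url = new URL(urlString);
    if (url.protocol !== 'http:' || !this.applies(url.hostname, nowMs)) return urlString;
    url.protocol = 'https:';
    return url.href;
  }
}

function demo() {
  const store = new HstsStore();
  store.note('myapp.com', 'max-age=31536000; includeSubDomains', 0); // constructed header
  return store.upgrade('http://local.myapp.com:3000/v1/graphql', 1000);
}
console.log(demo());
```
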