I have protected my staging environment with an HTTPS client certificate. The site consists of multiple subdomains rest.site.com, files.site.com, site.com, etc.
Everyone has the same certificate.
The problem is that firefox doesn't send a client certificate with cors preflight requests. Which means those request will inevitably always fail and so firefox refuses to access the api at all.
So is there a way to force firefox to send the certificate with the preflight request?
CodePudding user response:
- type into the url bar
about:config - find
network.cors_preflight.allow_client_cert - set to
true
client certs will now be sent with preflight requests