> If for some reason that doesn't work for your app, the post also mention two secure alternatives: the native client can install a self-signed cert, or you can use a browser extension with the native messaging API.
(Also you might want to verify you were using 127.0.0.1 and that you had the headers correct)
Installing a self signed certificate is easy on Edge and Chrome. But did you ever try to do it dor Firefox? Firefox has its own certificate store implementation and only native code to manipulate it. So it’s easier to provide a valid certificate instead even if it means that the private key is exposed.
Concerning the extensions, this was not practical until the recent unification under web extensions. I never tried.
(Also you might want to verify you were using 127.0.0.1 and that you had the headers correct)