Please set the Proj-Headless label.  This may actually be a duplicate, I'll check on monday.

Removing Internals>Network>SSL

--allow-insecure-localhost is meant to treat http://localhost as secure. It's not meant to affect https://localhost, good certificates or otherwise.

@rsleevi: in the flag description, it says: "Allows requests to localhost over HTTPS even when an invalid certificate is presented."

Actual behavior of the flag matches its description in Chrome 60: if one launches chrome with the --allow-insecure-localhost and navigates to https://localhost (which has self-signed certificates), chrome doesn't show interstitial page and successfully completes navigation.

Note that you can also use the newly added certificate error handling commands to deal with invalid certificates: https://chromedevtools.github.io/debugger-protocol-viewer/tot/Security/#method-handleCertificateError

@skyostil: this works great, thanks!

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/efadb5000b933d6255c81ed8c9f8ef1bab5f1386

commit efadb5000b933d6255c81ed8c9f8ef1bab5f1386
Author: Luca Versari <veluca@google.com>
Date: Thu Aug 03 10:31:55 2017

headless: Add --allow-insecure-localhost flag.

This flag was present in chrome, but ignored in headless.
This commit makes headless behave as expected.

R=eseckler@chromium.org

Bug:  714287 
Change-Id: I2b06c345c1f29eb4390e7853537af9cf5d809bb8
Reviewed-on: https://chromium-review.googlesource.com/599809
Reviewed-by: Eric Seckler <eseckler@chromium.org>
Commit-Queue: Luca Versari <veluca@google.com>
Cr-Commit-Position: refs/heads/master@{#491694}
[modify] https://crrev.com/efadb5000b933d6255c81ed8c9f8ef1bab5f1386/headless/lib/browser/headless_content_browser_client.cc
[modify] https://crrev.com/efadb5000b933d6255c81ed8c9f8ef1bab5f1386/headless/lib/headless_browser_browsertest.cc