Support » Networking WordPress » localhost using HTTPS

  • Since I first created a WordPress project on my local PC, it has run perfectly well as a testing site. Now, all of a sudden, resources are not being loaded causing the site to fail and make testing it impossible.

    On inspecting the site on the Console tab, I see the following:
    Failed to load resource: net::ERR_CONNECTION_REFUSED
    /devproject/wp-content/themes/oceanwp-child/assets/css/frontpage.css?ver1.3:1

    When I hover over the file name, it is prefixed by https://localhost/
    I’m assuming the https is the problem because localhost does not have a secure certificate.

    I have entered the following URL into Chrome, and set ‘Allow invalid certificates’ to ‘enabled’, but the problem is still unresolved.

    chrome://flags/#allow-insecure-localhost
    Allow invalid certificates for resources loaded from localhost Enabled

    I have done extensive googling and not found a solution to this yet. Is it possible to force Chrome to treat localhost as an http site and so load the resources.

    Any advice would be appreciated as I have wasted a good amount of time on this so far.

Viewing 15 replies - 1 through 15 (of 22 total)
  • Could you check your database, table wp_options for the keys home and siteurl to see if they have https:// in the value?

    Also please share the contents of your .htaccess file found in the root of your installation folder if you have it.

    Finally, have you installed any SSL plugin or have done any other configuration that you can think of in between when it was working and when it started not working?

    Thanks for replying. In answer to your suggestions:

    Both home and siteurl in wp_options are set to http://localhost/devproject

    I have done nothing with SSL on my laptop. It was working fine until Friday. I’m guessing a Windows update was when it stopped working. The app successfully runs on 2 hosting sites that are set up with SSL.

    The .htaccess file is as follows: I added the 3 lines at the top to see if it would help, but it didn’t.

    # Redirect HTTPS to HTTP
    RewriteCond %{HTTP:X-Forwarded-Proto} =https
    RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # BEGIN WordPress
    # The directives (lines) between BEGIN WordPress and END WordPress are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /devproject/
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /devproject/index.php [L]
    </IfModule>

    # END WordPress

    I’ve even hardcoded http://localhost/devproject into the src attributes for the resources, but inspect always shows them as being converted to ‘https’ giving me the error.

    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.

    I am pretty much out of ideas now, and I can’t think of anything that a Windows Update could’ve done to your setup.

    Could you maybe try checking with another browser?

    Interestingly, if I type the url of the resource into the browser, I get the same error message with https:// appearing in the url. I’ve cleared various Chrome settings and did get it to display the resource one time but then it quickly reverted to giving me the error again. I found it did the same for other browsers including IE and Firefox.

    http://localhost/devproject/wp-content/themes/oceanwp-child/assets/css/frontpage.css

    This site can’t be reached

    localhost refused to connect.

    ERR_CONNECTION_REFUSED

    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.

    How about if you go to view-source:http://localhost/devproject directly in Chrome?

    Just trying to rule out any weird idea, such as some JS code doing the SSL switch.

    Sorry, my previous comment doesn’t make sense given that you’ve tried to access a CSS resource directly, so that doesn’t run JS.

    Let’s make sure this is a server-side thing.

    Open a new tab in Chrome, then open DevTools > Network. Toggle “Preserve Log” on. Then access your CSS resource URL and see the Network requests that happen, and their Response Headers. See if the Response Headers contain any Location header with a redirect, as well as the HTTP response code other than 200 OK (so a 301 or 302 maybe).

    I’ve done what you asked, exported it into a har file and pasted it into here. Note devproject was just the name in the examples I used. It is using chfootball in the code because that is the real name of the project folder. Not sure if this tells us anything…

    although: “name”: “Upgrade-Insecure-Requests”, looks a bit ominous.

    [ SNIP! ]

    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months ago by Jan Dembowski.

    https://www.tbs-certificates.co.uk/FAQ/en/upgrade-insecure-requests.html

    I have NOT done the following and so I’m not sure where this setting is coming from:

    Apache
    For Apache, you will first need to load the header module. For instance:

    LoadModule headers_module modules/mod_headers.so
    You will then need to charge the header in your virtual host:

    Header always set Content-Security-Policy “upgrade-insecure-requests;”

    I’ve taken a look at the HAR, thanks for that.

    So it looks like the upgrade from HTTP to HTTPS is initiated server-side, as the response of the initial request returns a 301 Moved Permanently which instructs the browser to re-fetch the resource via HTTPS.

    I don’t yet know what causes the redirect though.

    This only started happening on Friday, and so somewhere, this value has been srt, but as yet, I have not been able to determine where. I would have expected this to originate from the Apache settings but I can find nothing in the configuration file that relates to this.

    I think the answer is here somewhere, but I haven’t figured what I have to do at my end to fix this yet.

    https://stackoverflow.com/questions/31950470/what-is-the-upgrade-insecure-requests-http-header

    I’ve dumped out the content of my $_SERVER variable and it contains:

    [HTTP_UPGRADE_INSECURE_REQUESTS] => 1

    Could this be significant? If so, I don’t know how to turn it off because I cannot find a reference to it in my php.ini file. I deleted it in the code, but it made no difference.

    The following link seems to accurately represent my problem. still can’t see the solution though.

    https://github.com/twitter/secure_headers/issues/348

    According to many people, using ‘localhost’ should not cause this problem.

    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.
    • This reply was modified 4 months, 1 week ago by apg1912.
    apg1912

    (@apg1912)

    I find it disappointing that nobody else has come across this problem and not found a solution to it.

    There MUST be some way of informing localhost (running on Apache) NOT to convert requests for resources into HTTPS requests and then refusing to retrieve them.

    • This reply was modified 4 months ago by apg1912.
    Valentin Bora

    (@valentinbora)

    Please try setting up verbose logging on Apache’s side, maybe you’ll find out what actually determines the redirect.

    See https://stackoverflow.com/a/9632952

    apg1912

    (@apg1912)

    Okay, I’ll try that. I found these 2 lines in the Apache log: So, something happened on that day to change 200 responses to 301.

    ::1 – – [16/Jan/2020:13:46:33 +0000] “GET /chfootball/wp-content/themes/oceanwp-child/assets/css/frontpage.css?ver1.3 HTTP/1.1” 200 7368

    ::1 – – [17/Jan/2020:11:53:38 +0000] “GET /chfootball/wp-content/themes/oceanwp-child/assets/css/frontpage.css?ver1.3 HTTP/1.1” 301 384

    apg1912

    (@apg1912)

    Putting the following in my httpd-vhosts.conf file

    RewriteEngine On
    LogLevel alert rewrite:trace6
    ErrorLog “C:\Wamp64\logs\rewritelog.txt”

    resulted in the following being logged:
    Unfortunately, I can’t draw conclusions from it.

    [ SNIP! ]

    • This reply was modified 4 months ago by apg1912.
    • This reply was modified 4 months ago by apg1912.
    • This reply was modified 4 months ago by Jan Dembowski.
Viewing 15 replies - 1 through 15 (of 22 total)
  • You must be logged in to reply to this topic.