Title: localhost using HTTPS Last modified: January 18, 2020 --- # localhost using HTTPS * [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/) * Since I first created a WordPress project on my local PC, it has run perfectly well as a testing site. Now, all of a sudden, resources are not being loaded causing the site to fail and make testing it impossible. * On inspecting the site on the Console tab, I see the following: **Failed to load resource: net::ERR_CONNECTION_REFUSED /devproject/wp-content/themes/oceanwp- child/assets/css/frontpage.css?ver1.3:1 * When I hover over the file name, it is prefixed by **[https://localhost/](https://localhost/)** I’m assuming the https is the problem because localhost does not have a secure certificate. * I have entered the following URL into Chrome, and set ‘Allow invalid certificates’ to ‘enabled’, but the problem is still unresolved. * c**hrome://flags/#allow-insecure-localhost** **Allow invalid certificates for resources loaded from localhost Enabled** * I have done extensive googling and not found a solution to this yet. Is it possible to force Chrome to treat localhost as an http site and so load the resources. * Any advice would be appreciated as I have wasted a good amount of time on this so far. Viewing 15 replies - 1 through 15 (of 22 total) 1 [2](https://wordpress.org/support/topic/localhost-using-https/page/2/?output_format=md) [→](https://wordpress.org/support/topic/localhost-using-https/page/2/?output_format=md) * [Valentin Bora](https://wordpress.org/support/users/valentinbora/) * (@valentinbora) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12339897) * Could you check your database, table `wp_options` for the keys `home` and `siteurl` to see if they have `https://` in the value? * Also please share the contents of your `.htaccess` file found in the root of your installation folder if you have it. * Finally, have you installed any SSL plugin or have done any other configuration that you can think of in between when it was working and when it started not working? - This reply was modified 6 years, 2 months ago by [Valentin Bora](https://wordpress.org/support/users/valentinbora/). * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340238) * Thanks for replying. In answer to your suggestions: * Both home and siteurl in wp_options are set to [http://localhost/devproject](http://localhost/devproject) * I have done nothing with SSL on my laptop. It was working fine until Friday. I’m guessing a Windows update was when it stopped working. The app successfully runs on 2 hosting sites that are set up with SSL. * The .htaccess file is as follows: I added the 3 lines at the top to see if it would help, but it didn’t. * # Redirect HTTPS to HTTP RewriteCond %{HTTP:X-Forwarded-Proto} =https RewriteRule ^(.*)$ [http://%](http://%){HTTP_HOST}%{REQUEST_URI} [L,R=301] * # BEGIN WordPress # The directives (lines) between `BEGIN WordPress` and `END WordPress` are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. RewriteEngine On RewriteBase /devproject/ RewriteRule ^index\.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}!- d RewriteRule . /devproject/index.php [L] * # END WordPress * I’ve even hardcoded [http://localhost/devproject](http://localhost/devproject) into the src attributes for the resources, but inspect always shows them as being converted to ‘https’ giving me the error. - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). * [Valentin Bora](https://wordpress.org/support/users/valentinbora/) * (@valentinbora) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340263) * I am pretty much out of ideas now, and I can’t think of anything that a Windows Update could’ve done to your setup. * Could you maybe try checking with another browser? * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340265) * Interestingly, if I type the url of the resource into the browser, I get the same error message with https:// appearing in the url. I’ve cleared various Chrome settings and did get it to display the resource one time but then it quickly reverted to giving me the error again. I found it did the same for other browsers including IE and Firefox. * [http://localhost/devproject/wp-content/themes/oceanwp-child/assets/css/frontpage.css](http://localhost/devproject/wp-content/themes/oceanwp-child/assets/css/frontpage.css) * This site can’t be reached * localhost refused to connect. * ERR_CONNECTION_REFUSED - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). * [Valentin Bora](https://wordpress.org/support/users/valentinbora/) * (@valentinbora) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340273) * How about if you go to `view-source:http://localhost/devproject` directly in Chrome? * Just trying to rule out any weird idea, such as some JS code doing the SSL switch. * [Valentin Bora](https://wordpress.org/support/users/valentinbora/) * (@valentinbora) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340277) * Sorry, my previous comment doesn’t make sense given that you’ve tried to access a CSS resource directly, so that doesn’t run JS. * [Valentin Bora](https://wordpress.org/support/users/valentinbora/) * (@valentinbora) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340283) * Let’s make sure this is a server-side thing. * Open a new tab in Chrome, then open DevTools > Network. Toggle “Preserve Log” on. Then access your CSS resource URL and see the Network requests that happen, and their Response Headers. See if the Response Headers contain any Location header with a redirect, as well as the HTTP response code other than 200 OK ( so a 301 or 302 maybe). * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340406) * I’ve done what you asked, exported it into a har file and pasted it into here. Note devproject was just the name in the examples I used. It is using chfootball in the code because that is the real name of the project folder. Not sure if this tells us anything… * although: “name”: “Upgrade-Insecure-Requests”, looks a bit ominous. * _[ SNIP! ]_ - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/). * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12340433) * [https://www.tbs-certificates.co.uk/FAQ/en/upgrade-insecure-requests.html](https://www.tbs-certificates.co.uk/FAQ/en/upgrade-insecure-requests.html) * I have NOT done the following and so I’m not sure where this setting is coming from: * Apache For Apache, you will first need to load the header module. For instance: * LoadModule headers_module modules/mod_headers.so You will then need to charge the header in your virtual host: * Header always set Content-Security-Policy “upgrade-insecure-requests;” * [Valentin Bora](https://wordpress.org/support/users/valentinbora/) * (@valentinbora) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12341150) * I’ve taken a look at the HAR, thanks for that. * So it looks like the upgrade from HTTP to HTTPS is initiated server-side, as the response of the initial request returns a `301 Moved Permanently` which instructs the browser to re-fetch the resource via HTTPS. * I don’t yet know what causes the redirect though. * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12341169) * This only started happening on Friday, and so somewhere, this value has been srt, but as yet, I have not been able to determine where. I would have expected this to originate from the Apache settings but I can find nothing in the configuration file that relates to this. * I think the answer is here somewhere, but I haven’t figured what I have to do at my end to fix this yet. * [https://stackoverflow.com/questions/31950470/what-is-the-upgrade-insecure-requests-http-header](https://stackoverflow.com/questions/31950470/what-is-the-upgrade-insecure-requests-http-header) * I’ve dumped out the content of my $_SERVER variable and it contains: * [HTTP_UPGRADE_INSECURE_REQUESTS] => 1 * Could this be significant? If so, I don’t know how to turn it off because I cannot find a reference to it in my php.ini file. I deleted it in the code, but it made no difference. * The following link seems to accurately represent my problem. still can’t see the solution though. * [https://github.com/twitter/secure_headers/issues/348](https://github.com/twitter/secure_headers/issues/348) * According to many people, using ‘localhost’ should not cause this problem. - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12349880) * I find it disappointing that nobody else has come across this problem and not found a solution to it. * There MUST be some way of informing localhost (running on Apache) NOT to convert requests for resources into HTTPS requests and then refusing to retrieve them. - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). * [Valentin Bora](https://wordpress.org/support/users/valentinbora/) * (@valentinbora) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12349987) * Please try setting up verbose logging on Apache’s side, maybe you’ll find out what actually determines the redirect. * See [https://stackoverflow.com/a/9632952](https://stackoverflow.com/a/9632952) * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12356738) * Okay, I’ll try that. I found these 2 lines in the Apache log: So, something happened on that day to change 200 responses to 301. * ::1 – – [16/Jan/2020:13:46:33 +0000] “GET /chfootball/wp-content/themes/oceanwp- child/assets/css/frontpage.css?ver1.3 HTTP/1.1” 200 7368 * ::1 – – [17/Jan/2020:11:53:38 +0000] “GET /chfootball/wp-content/themes/oceanwp- child/assets/css/frontpage.css?ver1.3 HTTP/1.1” 301 384 * Thread Starter [apg1912](https://wordpress.org/support/users/apg1912/) * (@apg1912) * [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/#post-12357106) * Putting the following in my httpd-vhosts.conf file * RewriteEngine On LogLevel alert rewrite:trace6 ErrorLog “C:\Wamp64\logs\rewritelog. txt” * resulted in the following being logged: Unfortunately, I can’t draw conclusions from it. * _[ SNIP! ]_ - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [apg1912](https://wordpress.org/support/users/apg1912/). - This reply was modified 6 years, 2 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/). Viewing 15 replies - 1 through 15 (of 22 total) 1 [2](https://wordpress.org/support/topic/localhost-using-https/page/2/?output_format=md) [→](https://wordpress.org/support/topic/localhost-using-https/page/2/?output_format=md) The topic ‘localhost using HTTPS’ is closed to new replies. * In: [Networking WordPress](https://wordpress.org/support/forum/multisite/) * 22 replies * 4 participants * Last reply from: [apg1912](https://wordpress.org/support/users/apg1912/) * Last activity: [6 years, 2 months ago](https://wordpress.org/support/topic/localhost-using-https/page/2/#post-12366635) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics