Many thanks for your thoughts. It was very interesting and strange that you are missing the non-secure site connections setting.
If I remember correctly, I first saw this setting in one of the 18.2 beta releases. I also think the Safari developer beta, public beta and technology preview might differ and are based on different versions of WebKit.
The Safari defaults domain key is UseHTTPSOnly for this setting, but there is no information to be found anywhere, as you also discovered. And I don’t see any special feature flag that would activate this setting.
And the Safari help page is also missing any information about this non-secure site connections setting.
Can it be a cached HSTS (HTTP Strict Transport Security) policy for localhost somewhere in the system for another app that is causing the login problem to the Local account via localhost?
defaults read -app Safari UseHTTPSOnly
1