Bug Summary

The WP-admin and the Open Site button opens the site in question only via http not https, even though a SSL is set and the cert is trusted in OS X. You CAN change the protocol manually. Once changing the home and siteurl options in the db manually. I can use the WP-admin to force the site via https but not the Open Site button/link.

This is both for existing and NEW sites. Apache and NginX do not seem to make a difference.

Why is this important?
To ensure that remote loaded assets do not violate CORS…

[I wish I could upload images, but ‘there seems to be a problem’… so you’ll have to take my word for it. → Sorry, there was an error uploading Screenshot_2024-03-14_at_11.32.21 AM.png. Please try again.]

Steps to reproduce

As precisely as you can, list the steps it takes to reliably reproduce the issue.

Environment Info

Describe your environment.

• What Operating System are you using?
• What versions of site software (Nginx, Apache, PHP, MySQL) is used?
• What version of Local is installed?

Supporting info

Please provide your Local Log. See this Community Forum post for instructions on how to do so:

• How do I retrieve Local’s Log?

Include any screenshots or video recordings of the issue to help others reproduce.

Hi @sebastian

Does clearing your cache and cookies have any change? Viewing incognito?

What about if you use a different browser type other than you default? Chrome, Safari, Edge, Firefox, etc

What about if you change your network or use a VPN?

Thanks for the follow up. No, using a different browser does not change the behaviour. I can’t view in incognito since the browsers open up based on the the direct link click to ‘WP Admin’ or ‘Open Site’ but I can afterwards change the url to https and it will stick. The sites DB entries for sitename and URL are with https://

Your last question puzzles me a bit and I don’t follow. How would using a VPN or network change affect the site on LOCAL? I never leave the machine… But maybe I don’t fully understand the question. Please explain and I’ll see that I can answer it in more detail. As for now I don’t have a VPN enabled.

Hi @sebastian

Apologies I was probably confusing some different support questions.

Is this happening for you regardless of what Local version you’re on?

Can you clarify your specific Local version currently and what your OS version is?

I’m not able to replicate this currently on my M3 using Sonoma, but we do see similar issues from time to time but root causes can vary.

Hi Nick, thanks.
System info first:
M1 MB Pro Sonoma
Local Version 8.3.2+6660

I only noticed this since the last update to 8.3.x. I am aware of the certificates in OS X and in the past setting the trust level manually etc isn’t a problem. Even when the siteurl and the home fields are set to use https Local will force it to http, which then tickles console with a bunch of CORS messages. Yes, I can manually change it and that will work just fine, but I have to do it first. I don’t recall that being a problem/issue in the previous version.

What root causes (besides the two listed - I am reading those) could affect this? This isn’t as big of a deal as a server not running or restarting (nor as annoying as Mailpit not installing for one of my sites), i just annoying. LOL. You know the extra step you keep forgetting to take…

For some further testing does the problem persist after an uninstall/reinstall? Or if you downgrade your Local version back to a previous version where it worked normally?

So, I downgraded my Local to 8.2.x on Mac ARM and while that presented it own problems, this particular issue is still present. I have not yet uninstalled it completely.

Now in the good ole ‘user error’ category I double checked that I have both the home and site URL set as https and I do. Short of uninstalling all sites and Local Im not sure where I should be looking.

Hi @sebastian

Thank you for your patience here! I checked with our Dev team and it turns out this is actually a known bug that we have logged in already. So that’s the good news. Obviously, that isn’t an immediate solution but I wanted to let you know they are aware of this and have it in their roadmap for review. We’ll keep you posted once we have a patch for that out but at this time we don’t have a firm ETA to provide.

I’m having the same issue. I have latest version Version 9.0.5+6706. I’m on an iMac 2017 , macOS Ventura 13.6.7. I went through the steps to set the SSL local.crt as trusted, that all worked fine. I also did the search/replace in the db for http to https, and it said 9 entries were replaced. But when I used Local’s WP Admin or Open Site buttons, it loads the site with http.

Thank you @gscoolidge! I can confirm this bug is still filed with the team and in their backlog for review. We’ll share any updates here once that is addressed.

I completely forgot that this bug still exists as I added a redirect in the .htaccess file for each Apache website. For me the SSL certificate works with all Nginx websites. But it looks like the open command works differently depending on whether you use the WP Admin or Open Site button. I don’t know if the syntax is completely correct but it has worked for me anyway with all WordPress and Local updates.

# BEGIN Redirect to https
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END Redirect to https

I was wrong. The button Open Site still opens Nginx websites in http while WP Admin opens in https.