Why is localhost being redirected to HTTPS?

The redirection of localhost to HTTPS is a common issue, and several factors can cause it. Here are the primary reasons:

1. HSTS (HTTP Strict Transport Security):

- HSTS is a security mechanism that instructs browsers to always use HTTPS when connecting to a specific domain. If you've previously visited a site with HSTS enabled, and that site has been associated with your local development environment, it might cause localhost to be redirected.

- To fix this, clear your browser's cache and HSTS settings. Here's how to clear HSTS settings for Chrome: go to chrome://net-internals/#hsts, type "localhost" in the "Delete domain" field and hit the delete button. Other browsers have similar options.

2. Browser Extensions:

- Some browser extensions (especially security or privacy-focused ones) may force HTTPS connections, even for localhost. Disable your browser extensions temporarily to see if that resolves the issue. If it does, re-enable extensions one by one to identify the culprit.

3. Operating System-Level Configurations:

- In some specific setups, operating system level configurations, such as specific rules in the hosts file or system-wide network settings, might force redirections to HTTPS. Check if there are any particular entries in your hosts file that point localhost to an HTTPS address.

4. Proxy Servers:

- If you're using a proxy server, it might be configured to redirect HTTP requests to HTTPS. Check your proxy settings and disable it temporarily to see if it makes a difference.

5. Application Configuration:

- If you're developing a web application, the application's configuration itself might enforce HTTPS redirects. Ensure that your application’s configuration is not enforcing HTTPS for the localhost environment. Check your webserver's configuration (like NGINX or Apache), and look for rewrite rules that force HTTPS.

6. Previous HTTPS Connections:

- If you previously configured your development environment to use HTTPS for localhost, those settings might persist. Clear any specific self-signed certificates you might have installed for localhost. You may need to reset network settings on your OS.

To troubleshoot, try these steps:

- Clear your browser cache and cookies.

- Disable browser extensions.

- Check proxy settings.

- Ensure that your development application is not enforcing HTTPS on localhost.

- Verify your hosts file for any incorrect entries.

By methodically checking these aspects, you should be able to identify and resolve why localhost is redirecting to HTTPS.

Learn more about this