Title: How to allow http
Last modified: April 5, 2026

---

# How to allow http

 *  Resolved [johnd126](https://wordpress.org/support/users/johnd126/)
 * (@johnd126)
 * [2 months, 1 week ago](https://wordpress.org/support/topic/how-to-allow-http/)
 * How can I allow http for accessing my immich server. I have a self-hosted server
   and don’t want (or need) a ssl certificate.
 * Looking forward to using this plugin.
 * Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [psodfj](https://wordpress.org/support/users/psodfj/)
 * (@psodfj)
 * [2 months ago](https://wordpress.org/support/topic/how-to-allow-http/#post-18874423)
 * A single prompt in Google Antigravity enabled it for me. Here is a summary:
 * Developer Guide: Enabling HTTP and SSL Support
 * This guide explains how to modify the **Gallery for Immich** WordPress plugin
   to allow HTTP connections (for local network setups) and add an SSL verification
   toggle (for self-signed certificates). 1. Loosen URL Validation
 * In the original plugin, the Immich server URL is restricted to HTTPS unless it
   is `localhost` or `127.0.0.1`. To allow any HTTP URL (like `http://192.168.1.50:
   2283`), follow these steps: Update `sanitize_settings()`
 * Find the `sanitize_settings` function in `gallery-for-immich.php` and modify 
   the URL check:
 *     ```wp-block-code
       - // Original: Ensure it's HTTPS in production (or localhost for dev)
       - if (strpos($url, 'https://') === 0 || strpos($url, 'http://localhost') === 0 || strpos($url, 'http://127.0.0.1') === 0) {
       + // Modified: Ensure it's HTTPS or HTTP (allows local network URLs)
       + if (strpos($url, 'https://') === 0 || strpos($url, 'http://') === 0) {
             $sanitized['server_url'] = rtrim($url, '/');
         } else {
             add_settings_error(
                 $this->option_name,
                 'invalid_url',
       -         __('Server URL must use HTTPS (or localhost for development).', 'gallery-for-immich')
       +         __('Server URL must use HTTPS (preferred) or HTTP.', 'gallery-for-immich')
             );
         }
       ```
   
 * 2. Add SSL Verification Setting
 * To help users with self-signed certificates on their local network, you can add
   an “SSL Verification” toggle. Update `settings_init()`
 * Register the new field in the `settings_init` function:
 *     ```wp-block-code
       add_settings_field('ssl_verify', __('SSL Verification', 'gallery-for-immich'), [$this, 'field_ssl_verify'], 'gallery_for_immich', 'gallery_for_immich_section');
       ```
   
 * Add the `field_ssl_verify()` Method
 * Add this method to render the checkbox in the settings page:
 *     ```wp-block-code
       public function field_ssl_verify() {
           $options = get_option($this->option_name);
           $checked = isset($options['ssl_verify']) ? (bool)$options['ssl_verify'] : true;
           ?>
           <label>
               <input type="checkbox" name="<?php echo esc_attr($this->option_name); ?>[ssl_verify]" value="1" <?php checked($checked); ?>>
               <?php echo esc_html__('Verify SSL certificates (uncheck for self-signed certificates on local networks)', 'gallery-for-immich'); ?>
           </label>
           <?php
       }
       ```
   
 * Update `sanitize_settings()` again
 * Ensure the new field is saved:
 *     ```wp-block-code
       // Add this line at the end of sanitize_settings() before the return
       $sanitized['ssl_verify'] = !empty($input['ssl_verify']);
       ```
   
 * 3. Respect the SSL Setting in API Requests
 * Finally, update all WordPress remote request calls (`wp_remote_get`, `wp_remote_post`,`
   wp_remote_request`) to use the new setting. Example for `api_request()`
 * Find where `wp_remote_get` is called and update the `sslverify` parameter:
 *     ```wp-block-code
         $response = wp_remote_get($url, [
             'headers' => [ ... ],
             'timeout' => 15,
       -     'sslverify' => true
       +     'sslverify' => isset($options['ssl_verify']) ? (bool)$options['ssl_verify'] : true
         ]);
       ```
   
 * > [!NOTE]
   > You must also apply this change to `handle_image_proxy()`, `get_video_url_with_shared_link()`,
   > and `cleanup_shared_link()`.
 * Summary Checklist
    1. [ ] Change `strpos` check to allow any `http://` prefix.
    2. [ ] Update the localized error message string.
    3. [ ] Register the `ssl_verify` setting field.
    4. [ ] Add the `field_ssl_verify` UI method.
    5. [ ] Ensure `sanitize_settings` saves the checkbox value (boolean).
    6. [ ] Pass the dynamic boolean to the `sslverify` key in all remote requests.
 *  Plugin Author [sietsevisser](https://wordpress.org/support/users/sietsevisser/)
 * (@sietsevisser)
 * [2 months ago](https://wordpress.org/support/topic/how-to-allow-http/#post-18875807)
 * I chose forcing HTTPS because it enforces safety, localhost and 127.0.0.1 are
   the only exceptions because that _really_ is local.
 * I still think this is the way to go, you can try to convince me otherwise.
 * Sietse
 *  Thread Starter [johnd126](https://wordpress.org/support/users/johnd126/)
 * (@johnd126)
 * [2 months ago](https://wordpress.org/support/topic/how-to-allow-http/#post-18878010)
 * Thanks for the tip about editing the plugin code. I’ve commented out a bit of
   the code and it works now.
 * I can understand having the option to secure the plugin via ssl but I think it
   should be up to us users if we want (or need) to implement it. Not to mention,
   it’s cumbersome to set up ssl with immich without added work or expense.
 * Thanks for all your work!
    -  This reply was modified 2 months ago by [johnd126](https://wordpress.org/support/users/johnd126/).
 *  Plugin Author [sietsevisser](https://wordpress.org/support/users/sietsevisser/)
 * (@sietsevisser)
 * [1 month, 4 weeks ago](https://wordpress.org/support/topic/how-to-allow-http/#post-18879322)
 * I just released v0.7.0 – it allows http:// but you will get a warning whether
   this is really what you want.
 * Thanks for using this plugin!
 * Sietse
 *  Thread Starter [johnd126](https://wordpress.org/support/users/johnd126/)
 * (@johnd126)
 * [1 month, 4 weeks ago](https://wordpress.org/support/topic/how-to-allow-http/#post-18879474)
 * I updated. The warning is a great compromise. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fhow-to-allow-http%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/gallery-for-immich/assets/icon-128x128.png?rev=3415538)
 * [Gallery for Immich](https://wordpress.org/plugins/gallery-for-immich/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/gallery-for-immich/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/gallery-for-immich/)
 * [Active Topics](https://wordpress.org/support/plugin/gallery-for-immich/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/gallery-for-immich/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/gallery-for-immich/reviews/)

 * 5 replies
 * 3 participants
 * Last reply from: [johnd126](https://wordpress.org/support/users/johnd126/)
 * Last activity: [1 month, 4 weeks ago](https://wordpress.org/support/topic/how-to-allow-http/#post-18879474)
 * Status: resolved