If you’re running SEO Booster on a local development site and trying to connect to Google Search Console, you may see an error like:
Warning: Local Development Domain DetectedThis happens because Google’s OAuth system doesn’t allow callbacks to non-public domains. This is a security feature to prevent abuse and protect authentication flows.
Why This Happens
OAuth services (like Google’s) reject redirect URIs that point to local or invalid domains because:
- Local domains can be hijacked using
hostsfile changes - They can be spoofed by malware or other applications
- They are not verifiable through public DNS, which violates OAuth security best practices
Common Problematic Domains
Some of the most common domains that cause issues include:
localhost127.0.0.1.local.test.dev(owned by Google and enforces HTTPS).example,.invalid
Recommended Solutions
If you’re working locally and need to test Google integration, here are three reliable options:
- Use a tunneling tool: Set up a temporary public URL with a service like ngrok to expose your local environment securely.
- Deploy to a staging site: Push your code to a public test environment that has HTTPS and a valid domain.
- Use a custom domain name: Point a non-restricted domain (e.g.,
mydevsite.testdomain.com) to your local machine through DNS or your hosts file, though this still may not bypass Google’s checks.
Can It Still Work Locally?
In rare cases, authentication might still work if you’ve configured everything just right and used custom credentials. But this is not reliable or recommended. For consistent results, we strongly suggest testing Google authentication from a public-facing domain.
If you’re not sure how to proceed, feel free to reach out to our support team.