For App Passwords in non-HTTPS websites, WordPress asks for development environment, but actually requires local

[drtimofey]

When attempting to set Application Passwords on a non-HTTPS website (i.e. http://localhost), WordPress says it needs the development environment to be declared (creating an assumption it needs to be WP_ENVIRONMENT_TYPE=development). However, in actuality, WordPress requires WP_ENVIRONMENT_TYPE to be set to 'local', not 'development'.

To reproduce:

• Deploy a non-HTTPS instance (i.e. http://localhost)
• Set WP_ENVIRONMENT_TYPE constant to 'development' in wp-config.php, i.e. - define('WP_ENVIRONMENT_TYPE', 'development');
• Go to /wp-admin/profile.php and edit any user
• Under Application Passwords the following messages is posted, despite the environment being set to development:

The application password feature requires HTTPS, which is not enabled on this site.
If this is a development website you can [set the environment type accordingly](​https://developer.wordpress.org/apis/wp-config-php/#wp-environment-type) to enable application passwords.

Solution:

• Either clarify the instructions to say to set it to 'local', not 'development'

OR

• Update the wp_is_application_passwords_supported() function to accept the development environment.

This ticket is related to #53658.

[drtimofey]

Screenshot of the wordpress message

[thakkarhardik]

I've added a patch which clarifies that the environment type should be 'local' in order to use the App passwords in non-https sites.