Skip to main content

Escaping the Redirect Loop: Local Environment Sandboxing with Lando

· 3 min read
Victor Jimenez
Victor Jimenez
Software Engineer & AI Agent Builder

Nothing destroys developer productivity faster than local environment issues. Specifically, infinite redirect loops.

You pull the latest production database snapshot for a massive hospitality portal, type lando start, navigate to mysite.lndo.site, and boom—you are instantly force-redirected back to the live production URL.

This is a classic enterprise sandboxing failure, and it happens across Drupal and WordPress constantly when database configurations aren't properly sanitized for local development.

The Anatomy of the Redirect Loop

In platforms like Pantheon, site variables, sub-domain configurations, and caching modules are aggressively baked into the database. When you pull that database locally, the application still believes it is in a "live" state.

  1. WordPress Home/Site URL: The wp_options table strictly enforces the production base URL.
  2. Drupal Trusted Host Patterns: The settings.php file rejects *.lndo.site because it expects the production DNS.
  3. Forced HTTPS/Environment Redirects: Custom PHP logic detects the lack of a production load balancer environment variable and forces a redirect.

Implementing the Fix

To solve this permanently across a team of 20+ developers, we instituted strict Lando automation and configuration overrides.

1. Context-Aware Configuration (settings.local.php)

We implemented environment-aware database configuration. By checking for the LANDO_INFO environment variable, the application automatically dynamically overrides base URLs.

if (isset($_ENV['LANDO_INFO'])) {
  $settings['trusted_host_patterns'] = ['.*'];
  $config['system.performance']['css']['preprocess'] = FALSE;
  $config['system.performance']['js']['preprocess'] = FALSE;
  // Disable HTTPS redirects
  $settings['reverse_proxy'] = FALSE;
}

2. Post-DB-Import Sanitization Hooks

Pulling the database is only step one. We authored custom Lando tooling scripts (.lando.yml events) that run immediately after lando db-import completes.

  • For WordPress: The script executes wp search-replace to swap production URLs for the .lndo.site equivalent automatically.
  • For Drupal: It executes drush cr and drush cset to disable production-only modules like SSO/SAML, which immediately fail without production certificates.

3. Nginx Route Overrides

We configured Lando's internal Nginx routing to ignore strict HTTP-to-HTTPS redirects defined in the codebase, preventing browser-level redirect loops.

The Payoff

"It works on my machine" is an unacceptable excuse in enterprise agencies. By hardening the Lando configuration and automating database sanitization, we eliminated local environment setup tickets entirely. A developer can clone the repo, run one command, and start writing code.

Looking for an Architect who doesn't just write code, but builds the AI systems that multiply your team's output? View my enterprise CMS case studies at victorjimenezdev.github.io or connect with me on LinkedIn.