Support HTTP in production - Error: Cannot send secure cookie over unencrypted connection

System Information
  • Strapi Version: 4.3.4
  • Operating System:
  • better-sqlite3: 1.22.18 7.4.6
  • Node Version: v16.15.0
  • NPM Version: 8.5.5
  • Yarn Version: 1.22.18

In production, we run both the frontend and the backend behind Cloudfront. Cloudfront handles SSL and the server communicate with Cloudfront using bare HTTP. Thus, we need Strapi to work properly without HTTPS.

However, when trying to run the Strapi backend with NODE_ENV=production and trying to access http://localhost:1337/api/connect/auth0 while unauthenticated (e.g. in an incognito window), we get an error 500 (internal server error) with the following in Strapi’s output:

 [2022-08-24 23:20:04.096] http: GET /api/connect/auth0 (26 ms) 302

  Error: Cannot send secure cookie over unencrypted connection
      at Cookies.set (.../node_modules/cookies/index.js:94:11)
      at (.../node_modules/koa-session/lib/context.js:339:22)
      at ContextSession.commit (.../node_modules/koa-session/lib/context.js:239:16)
      at session (.../node_modules/koa-session/index.js:46:20)
      at processTicksAndRejections (node:internal/process/task_queues:96:5)
      at async .../node_modules/@strapi/strapi/lib/services/metrics/middleware.js:29:5

I’m having same issue , can anyone please specify the solution.

I am having this exact same issue. The error is identical. I have seen the posts that say to add proxy: true to server.js, and I have already done that.

I am running Strapi v4.3.8, and my server.js looks like:

module.exports = ({ env }) => ({
host: env(‘HOST’),
url: env(‘URL’),
proxy: true,
app: {
keys: env.array(‘APP_KEYS’),

Thanks @Lokheed for reply, i tried it too, but for some reason it didn’t worked for me.