System Information
- Strapi Version: 4.3.4
- Operating System:
- better-sqlite3: 1.22.18 7.4.6
- Node Version: v16.15.0
- NPM Version: 8.5.5
- Yarn Version: 1.22.18
In production, we run both the frontend and the backend behind CloudFront. CloudFront handles SSL and the server communicates with CloudFront using bare HTTP. Thus, we need Strapi to work properly without HTTPS.
However, when trying to run the Strapi backend with NODE_ENV=production and trying to access http://localhost:1337/api/connect/auth0 while unauthenticated (e.g. in an incognito window), we get an error 500 (internal server error) with the following in Strapi’s output:
```
[2022-08-24 23:20:04.096] http: GET /api/connect/auth0 (26 ms) 302
Error: Cannot send secure cookie over unencrypted connection
    at Cookies.set (.../node_modules/cookies/index.js:94:11)
    at ContextSession.save (.../node_modules/koa-session/lib/context.js:339:22)
    at ContextSession.commit (.../node_modules/koa-session/lib/context.js:239:16)
    at session (.../node_modules/koa-session/index.js:46:20)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async .../node_modules/@strapi/strapi/lib/services/metrics/middleware.js:29:5
```
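
The failure reported above, as an added example that is not part of the original post and not code from Strapi, Koa or the `cookies` package: a simplified model of how a cookie flagged `secure` is accepted or refused depending on the socket's TLS state and, only when the proxy is trusted, the `X-Forwarded-Proto` header. The function names and sample requests are hypothetical and constructed; the model assumes Koa's documented `app.proxy` behaviour.

```javascript
// Added illustration: simplified model with hypothetical names and
// constructed requests. Not Strapi, Koa or `cookies` source code.

// Protocol as the app sees it: the socket's TLS state first, then
// X-Forwarded-Proto, but only if the app is configured to trust its proxy.
function effectiveProtocol({ socketEncrypted, trustProxy, headers }) {
  if (socketEncrypted) return 'https';
  if (!trustProxy) return 'http';
  const forwarded = headers['x-forwarded-proto'];
  // A proxy chain may append values; the first is the viewer-facing hop.
  return forwarded ? forwarded.split(/\s*,\s*/, 1)[0] : 'http';
}

// Guard behind the logged error: a cookie flagged `secure` is refused when
// the request is not considered encrypted.
function setSessionCookie(req, cookieOpts) {
  if (cookieOpts.secure && effectiveProtocol(req) !== 'https') {
    throw new Error('Cannot send secure cookie over unencrypted connection');
  }
  return 'sid=opaque; path=/; httponly' + (cookieOpts.secure ? '; secure' : '');
}

function outcome(req, cookieOpts) {
  try {
    return setSessionCookie(req, cookieOpts);
  } catch (err) {
    return 'ERROR: ' + err.message;
  }
}

// Constructed requests; every one reaches the origin over plain HTTP.
// Trusting the header is only sound when clients cannot reach the origin
// directly; otherwise anyone can send "X-Forwarded-Proto: https" themselves.
const viaTlsEdge = { 'x-forwarded-proto': 'https' };
const viaHttpEdge = { 'x-forwarded-proto': 'http' };
const cases = {
  directLocalhost: { socketEncrypted: false, trustProxy: false, headers: {} },
  proxiedUntrusted: { socketEncrypted: false, trustProxy: false, headers: viaTlsEdge },
  proxiedTrusted: { socketEncrypted: false, trustProxy: true, headers: viaTlsEdge },
  proxiedTrustedHttpViewer: { socketEncrypted: false, trustProxy: true, headers: viaHttpEdge },
};

function runCases() {
  const results = {};
  for (const [name, req] of Object.entries(cases)) {
    results[name] = outcome(req, { secure: true });
  }
  return results;
}

console.log(runCases());
```

Only the `proxiedTrusted` case yields a `Set-Cookie` value; the direct `http://localhost:1337` request from the post corresponds to `directLocalhost`.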