Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Allow the developer to send secure cookies no matter what

See original GitHub issue

Because my nodejs app behind an nginx.

Browser == https ==> nginx == http ==> nodejs app

So req.protocol always be http, then I cookies.set(name, value, {secure: true} it throw Cannot send secure cookie over unencrypted connection Error.

Issue Analytics

State:
Created 9 years ago
Reactions:1
Comments:13 (8 by maintainers)

Top GitHub Comments

3reactions

djbobbydrakecommented, Oct 26, 2016

Has anyone solved this issue for koa?

2reactions

atian25commented, Aug 10, 2015

@fengmk2 it seem this still happen in koa

Top Results From Across the Web

Everything You Need to Know About Cookies for Web ...

In general, cookies are very secure when implemented correctly. Browsers have a lot of built-in limitations that we covered earlier, partly due ...

Using HTTP cookies - MDN Web Docs

You can ensure that cookies are sent securely and aren't accessed by unintended parties or scripts in one of two ways: with the...

When to use HTTPS for local development - web.dev

Secure cookies are set only on HTTPS, but not on http://localhost for all browsers. And because SameSite:none and __Host also require the ...

Get Ready for New SameSite=None; Secure Cookie Settings

A New Model for Cookie Security and Transparency Developers must use a new cookie setting, SameSite=None , to designate cookies for cross-site access....

Cookies, document.cookie - The Modern JavaScript Tutorial

One cookie may not exceed 4KB in size. The number of cookies allowed on a domain is around 20+ (varies by browser). Cookie...