feat(core)!: Set the secure flag on issued cookies (#8812)

packages/cli/src/auth/auth.service.ts

@@ -82,6 +82,7 @@ export class AuthService {
 			maxAge: this.jwtExpiration * Time.seconds.toMilliseconds,
 			httpOnly: true,
 			sameSite: 'lax',
+			secure: config.getEnv('secure_cookie'),
 		});
 	}
 

packages/cli/src/config/index.ts

@@ -15,6 +15,7 @@ if (inE2ETests) {
 	process.env.N8N_LOG_LEVEL = 'silent';
 	process.env.N8N_PUBLIC_API_DISABLED = 'true';
 	process.env.SKIP_STATISTICS_EVENTS = 'true';
+	process.env.N8N_SECURE_COOKIE = 'false';
 } else {
 	dotenv.config();
 }

packages/cli/src/config/schema.ts

@@ -538,6 +538,12 @@ export const schema = {
 		env: 'N8N_PROTOCOL',
 		doc: 'HTTP Protocol via which n8n can be reached',
 	},
+	secure_cookie: {
+		doc: 'This sets the `Secure` flag on n8n auth cookie',
+		format: Boolean,
+		default: true,
+		env: 'N8N_SECURE_COOKIE',
+	},
 	ssl_key: {
 		format: String,
 		default: '',