# ktor


11/03/2023, 3:19 PM
Hey all! Before I go and file a ticket, I wanted to check if there is a reason why ktor forces the connection to your sever to be https in order to use the HSTS plugin or Secure flag on Cookies? My server runs behind a reverse proxy and the connection between the proxy and my server is http. However, I still would like to use both these things as they still provide the same value in this configuration as they would if browser clients connected directly to my server. HSTS https check Secure cookie https check
Currently I just copied the entire HSTS plugin and removed that if check. Replacing all the code for cookies would be a lot more work.
I found issues for these: hsts secure cookies

Aleksei Tirman [JB]

11/06/2023, 9:37 AM
I don't think there is a particular reason for it. That's just how it was implemented.
👍 1