This hotfix allows us to turn on and off secure cookies

src/Infrastructure/DependencyInjection.cs

@@ -308,10 +308,17 @@ private static IServiceCollection AddAuthenticationService(this IServiceCollecti
 
         services.AddSingleton<IPasswordService, PasswordService>();
 
+        CookieSecurePolicy policy = CookieSecurePolicy.SameAsRequest;
+        if(configuration["IdentitySettings:SecureCookies"] is not null && configuration["IdentitySettings:SecureCookies"]!.Equals("True", StringComparison.CurrentCultureIgnoreCase))
+        {
+            policy = CookieSecurePolicy.Always;
+        }
+
+
         services.ConfigureApplicationCookie(options => {
             options.LoginPath = "/pages/authentication/login";
             options.Cookie.SameSite = SameSiteMode.Strict;
-            options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+            options.Cookie.SecurePolicy = policy;
         });
 
         services

src/Server.UI/appsettings.json

@@ -70,7 +70,8 @@
     "RequireUpperCase": true,
     "RequireLowerCase": true,
     "DefaultLockoutTimeSpan": 30,
-    "MaxFailedAccessAttempts": 5
+    "MaxFailedAccessAttempts": 5,
+    "SecureCookies": true
   },
   "Notify": {
     "ApiKey": "",