Please document N8N_SECURE_COOKIE

I normally set up N8N behind a load balancer, and normally install an HTTPS certificate on the load balancer. Today was the first time I can remember that I tried to set up an N8N instance that would be accessible directly, so no HTTPS.

I spent 45 minutes trying to diagnose why I was able to log in but then getting “There was a problem loading init data” on my screen instead of a blank canvas for new workflows.

The solution was to set N8N_SECURE_COOKIE=FALSE in my environment.

As far as I can tell, that setting is not documented on Environment variables reference | n8n Docs. It really should be.

Also, if N8N_PROTOCOL is set to http, it really should just let you connect with http.

Feeling frustrated…

This is now documented in a few places. I also spent some time debugging the issue and searching the code proved more fruitful.


Because of all the different ways people setup n8n with various load-balancers and reverse-proxies, unfortunately there is no reliable way to detect this properly. most people don’t set N8N_PROTOCOL on n8n with their reverse-proxy setup. This is why we could not rely on any of the existing flags, and had to add a new one.

We should definitely update the docs to document N8N_SECURE_COOKIE better.

That said, starting with version 1.34.0, in this scenario the user will not see the n8n frontend, and instead see an error with clear instructions on how to fix this.