fix: use request.protocol to check for HTTPS

plugin.js

@@ -22,7 +22,7 @@ function fastifyCookieSetCookie (reply, name, value, options) {
  }
 
  if (opts.secure === 'auto') {
- if (isConnectionSecure(reply.request)) {
+ if (reply.request.protocol === 'https') {
  opts.secure = true
  } else {
  opts.sameSite = 'lax'
@@ -187,13 +187,6 @@ function getHook (hook = 'onRequest') {
  return hooks[hook]
 }
 
-function isConnectionSecure (request) {
- return (
- request.raw.socket?.encrypted === true ||
- request.headers['x-forwarded-proto'] === 'https'
- )
-}
-
 const fastifyCookie = fp(plugin, {
  fastify: '4.x',
  name: '@fastify/cookie'

test/cookie.test.js

@@ -854,7 +854,7 @@ test('create signed cookie manually using signCookie decorator', async (t) => {
 })
 
 test('handle secure:auto of cookieOptions', async (t) => {
- const fastify = Fastify()
+ const fastify = Fastify({ trustProxy: true })
 
  await fastify.register(plugin)