Does Facebook SDK require HTTPS?

But I can not set Enforce HTTPS as NO. Is this problem is from mine?

https://developers.facebook.com/docs/facebook-login/security:

Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019.

Sounds to me, like they don’t want you to be able to even start without HTTPS, when you are creating a new app now.

---

Plus, Chrome has recently announced that they will mark all HTTP sites as insecure soon, from version 68 on, that will be released in July 2018. So you’re gonna have to go HTTPS rather sooner than later anyway.

The “big players” of the industry are currently pushing for this big time, whether we want it or not.

enable Client OAuth Login and write "localhost:3000" in Valid OAuth Redirect URIs.
Save changes. it will automatically change to https://localhost:3000 , but it doesn't matter...
And set Status: In Development (THIS IS IMPORTANT!)
Then it will work in your http localhost.