secure-http flag in a composer.json doesn't work

Question

I need to use http composer registry for several packages:

...
"repositories":[
  {"type":"composer", "url":"http://<url>"}
],
"secure-http":false,
...

But when I am trying to composer update to update lock file, I got:

[Composer\Downloader\TransportException]
Your configuration does not allow connection to http://<url>.
See https://getcomposer.org/doc/06-config.md#secure-http for details.

By responding url I found next information;

secure-http#

Defaults to true. 
If set to true only HTTPS URLs are allowed to be downloaded via Composer. 
If you really absolutely need HTTP access to something then you can disable it ...

So I am confused what I am doing wrong.

Answer 1

Wrong composer.json structure. secure-http must be in the config section:

{
  ...,
  "config":{
    ...,
    "secure-http":false,
    ...
  }
  ...
}