diff --git a/CHANGES.md b/CHANGES.md
index f1edeb5963..41a05857fa 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -19,6 +19,7 @@
 - Fix `get-profile` masking transient DB errors as anonymous user (by @jack-stormentswe) [Github #9253](https://github.com/penpot/penpot/issues/9253)
 - Fix `Ctrl+'` "Show guides" shortcut on non-US keyboard layouts by matching the physical key location (by @RenzoMXD) [Github #8423](https://github.com/penpot/penpot/issues/8423)
 - Fix lost-update race on `team.features` during concurrent file creation (by @web-dev0521) [Github #9197](https://github.com/penpot/penpot/issues/9197)
+- Fix copy and paste actions crashing the workspace on insecure origins (plain HTTP / non-`localhost`) where the Clipboard API is unavailable (by @MilosM348) [Github #6514](https://github.com/penpot/penpot/issues/6514)
 
 
 ## 2.16.0 (Unreleased)
diff --git a/frontend/src/app/main/data/workspace/clipboard.cljs b/frontend/src/app/main/data/workspace/clipboard.cljs
index bc8d88a746..70c34c5287 100644
--- a/frontend/src/app/main/data/workspace/clipboard.cljs
+++ b/frontend/src/app/main/data/workspace/clipboard.cljs
@@ -303,13 +303,30 @@
   (and (instance? js/DOMException cause)
        (= (.-name cause) "NotAllowedError")))
 
+(defn- clipboard-unavailable-error?
+  "Check if the given error is a clipboard API unavailable error
+  (thrown when navigator.clipboard is undefined, e.g. on insecure
+   origins per the W3C Secure Contexts spec)."
+  [cause]
+  (and (instance? js/Error cause)
+       (str/starts-with? (.-message cause) "Clipboard API is unavailable.")))
+
 (defn- on-clipboard-permission-error
   [cause]
-  (if (clipboard-permission-error? cause)
+  (cond
+    (clipboard-permission-error? cause)
     (rx/of (ntf/show {:content (tr "errors.clipboard-permission-denied")
                       :type :toast
                       :level :warning
                       :timeout 5000}))
+
+    (clipboard-unavailable-error? cause)
+    (rx/of (ntf/show {:content (tr "errors.clipboard-api-unavailable")
+                      :type :toast
+                      :level :warning
+                      :timeout 5000}))
+
+    :else
     (rx/throw cause)))
 
 (defn paste-from-clipboard
@@ -511,6 +528,12 @@
                                       :level :warning
                                       :timeout 5000}))
 
+                    (clipboard-unavailable-error? cause)
+                    (rx/of (ntf/show {:content (tr "errors.clipboard-api-unavailable")
+                                      :type :toast
+                                      :level :warning
+                                      :timeout 5000}))
+
                     (:not-implemented (ex-data cause))
                     (rx/of (ntf/warn (tr "errors.clipboard-not-implemented")))
 
diff --git a/frontend/src/app/util/clipboard.cljs b/frontend/src/app/util/clipboard.cljs
index d06aa5c22e..6f2d0046bf 100644
--- a/frontend/src/app/util/clipboard.cljs
+++ b/frontend/src/app/util/clipboard.cljs
@@ -70,40 +70,85 @@
   ([event options]
    (from-data-transfer (.-dataTransfer ^js event) options)))
 
-;; FIXME: rename to `write-text`
+(def ^:private unavailable-error-message
+  "Clipboard API is unavailable. This usually happens when the page is served over plain HTTP; serve Penpot over HTTPS to enable copy-to-clipboard.")
+
+(defn- get-clipboard
+  "Return the active `navigator.clipboard` object, or nil when the
+   asynchronous Clipboard API is not exposed (e.g. on insecure origins
+   per the W3C spec, which is what triggered #4478)."
+  []
+  (unchecked-get js/navigator "clipboard"))
+
+(defn- unavailable-error
+  "Build the error wrapped in a rejected Promise so callers can chain
+   `rx/from`/`.catch` and surface a meaningful message instead of the
+   opaque `TypeError: Cannot read properties of undefined (reading
+   'writeText')` that leaked out of the previous implementation."
+  []
+  (js/Promise.reject (js/Error. unavailable-error-message)))
+
 (defn to-clipboard
+  "Write a plain-text string to the system clipboard.
+
+   Always returns a Promise. Resolves on success; rejects with a clear
+   `Error` when `navigator.clipboard` is unavailable (insecure origin)
+   so callers can chain error handling instead of crashing the UI on a
+   synchronous `TypeError` like #4478."
   [data]
   (assert (string? data) "`data` should be string")
-  (let [clipboard (unchecked-get js/navigator "clipboard")]
-    (.writeText ^js clipboard data)))
+  (let [clipboard (get-clipboard)]
+    (if (and clipboard (unchecked-get clipboard "writeText"))
+      (.writeText ^js clipboard data)
+      (unavailable-error))))
 
 (defn- create-clipboard-item
   [mimetype promise]
   (js/ClipboardItem.
    (js-obj mimetype promise)))
 
-;; FIXME: this API is very confuse
 (defn to-clipboard-promise
+  "Write a single asynchronous payload to the clipboard under the given
+   MIME type. The `promise` is resolved by the browser when the
+   ClipboardItem is committed.
+
+   Returns the Promise produced by `clipboard.write`, or a rejected
+   Promise carrying an `Error` when the asynchronous Clipboard API is
+   not available (insecure origin / unsupported browser). Mirrors
+   `to-clipboard`'s defensive contract."
   [mimetype promise]
-  (let [clipboard (unchecked-get js/navigator "clipboard")
-        data (create-clipboard-item mimetype promise)]
-    (.write ^js clipboard #js [data])))
+  (let [clipboard (get-clipboard)]
+    (if (and clipboard (unchecked-get clipboard "write"))
+      (let [data (create-clipboard-item mimetype promise)]
+        (.write ^js clipboard #js [data]))
+      (unavailable-error))))
 
 (defn to-clipboard-multi
   "Write multiple MIME representations as a single ClipboardItem.
-  `items` is a map of mime-type (string) -> string payload.
-  Falls back to `writeText` when the async Clipboard API is unavailable."
+   `items` is a map of mime-type (string) -> string payload.
+
+   Falls back to `writeText` with the `text/plain` payload (or the
+   first available payload) when the asynchronous `clipboard.write`
+   API is unavailable. If neither path is reachable (e.g. insecure
+   origin), returns a rejected Promise mirroring `to-clipboard`'s
+   contract instead of throwing synchronously."
   [items]
-  (let [clipboard (unchecked-get js/navigator "clipboard")]
-    (if (and clipboard (unchecked-get clipboard "write"))
-      (let [obj (reduce-kv
-                 (fn [acc mime payload]
-                   (let [blob (js/Blob. #js [payload] #js {:type mime})]
-                     (unchecked-set acc mime (js/Promise.resolve blob))
-                     acc))
-                 #js {} items)
+  (let [clipboard (get-clipboard)]
+    (cond
+      (and clipboard (unchecked-get clipboard "write"))
+      (let [obj  (reduce-kv
+                  (fn [acc mime payload]
+                    (let [blob (js/Blob. #js [payload] #js {:type mime})]
+                      (unchecked-set acc mime (js/Promise.resolve blob))
+                      acc))
+                  #js {} items)
             item (js/ClipboardItem. obj)]
         (.write ^js clipboard #js [item]))
+
+      (and clipboard (unchecked-get clipboard "writeText"))
       (when-let [text (or (get items "text/plain")
                           (first (vals items)))]
-        (.writeText ^js clipboard text)))))
+        (.writeText ^js clipboard text))
+
+      :else
+      (unavailable-error))))
diff --git a/frontend/src/app/util/clipboard.js b/frontend/src/app/util/clipboard.js
index 43bd636b88..f86693dfdc 100644
--- a/frontend/src/app/util/clipboard.js
+++ b/frontend/src/app/util/clipboard.js
@@ -145,13 +145,27 @@ function sortItems(a, b) {
 }
 
 /**
+ * Read the active system clipboard via the asynchronous Clipboard API.
+ *
+ * Throws a descriptive `Error` when `navigator.clipboard` is unavailable
+ * (e.g. on insecure origins per the W3C Secure Contexts spec, mirroring
+ * the failure mode that crashed the copy/write path in #4478 / #6514).
+ * Without this guard, `navigator.clipboard.read()` raises an opaque
+ * `TypeError: Cannot read properties of undefined (reading 'read')` and
+ * the workspace surfaces a generic "Something wrong has happened" toast.
  *
  * @param {ClipboardSettings} [options]
  * @returns {Promise<Array<Blob>>}
  */
 export async function fromNavigator(options) {
   options = options || {};
-  const items = await navigator.clipboard.read();
+  const clipboard = navigator.clipboard;
+  if (!clipboard || typeof clipboard.read !== "function") {
+    throw new Error(
+      "Clipboard API is unavailable. This usually happens when the page is served over plain HTTP; serve Penpot over HTTPS to enable paste-from-clipboard."
+    );
+  }
+  const items = await clipboard.read();
   const result = await Promise.all(
     Array.from(items).map(async (item) => {
       const itemAllowedTypes = Array.from(item.types)
diff --git a/frontend/translations/en.po b/frontend/translations/en.po
index 88b34b9c0b..460bfb193a 100644
--- a/frontend/translations/en.po
+++ b/frontend/translations/en.po
@@ -1413,6 +1413,10 @@ msgstr "Your browser cannot do this operation"
 msgid "errors.clipboard-permission-denied"
 msgstr "Clipboard access denied. Please allow clipboard permissions in your browser to paste content"
 
+#: src/app/main/data/workspace/clipboard.cljs
+msgid "errors.clipboard-api-unavailable"
+msgstr "Clipboard API is unavailable. Serve Penpot over HTTPS to enable clipboard access"
+
 #: src/app/main/errors.cljs:235
 msgid "errors.comment-error"
 msgstr "There was an error with the comment"