diff --git a/server.js b/server.js
index 7ab5120d9..04b1039e0 100644
--- a/server.js
+++ b/server.js
@@ -70,6 +70,7 @@ const { invalidCsrfTokenError, generateToken, doubleCsrfProtection } = doubleCsr
 cookieOptions: {
 httpOnly: true,
 sameSite: "strict",
+ secure: false
 },
 size: 64,
 getTokenFromRequest: (req) => req.headers["x-csrf-token"]
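Review bot: The added `secure: false` in `cookieOptions` hard-codes the CSRF cookie as allowed over plain HTTP in every environment, so in production the token cookie could be exposed on any non-TLS request. If the intent is only to make local development over http work, tie the flag to the environment instead, e.g. `secure: process.env.NODE_ENV === "production",`, with a short comment saying why it is ever off. The cookie name is not visible in this hunk; if it carries a `__Host-` or `__Secure-` prefix, browsers will refuse to store the cookie without the Secure attribute and CSRF validation would then fail for every request. The options object this line belongs to starts and ends outside the hunk.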