diff --git a/server.js b/server.js
index 03cf4e24e..5175e033a 100644
--- a/server.js
+++ b/server.js
@@ -70,7 +70,8 @@ const { invalidCsrfTokenError, generateToken, doubleCsrfProtection } = doubleCsr
 cookieName: "X-CSRF-Token",
 cookieOptions: {
 httpOnly: true,
- sameSite: "strict"
+ sameSite: "strict",
+ secure: false
 },
 size: 64,
 getTokenFromRequest: (req) => req.headers["x-csrf-token"]
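Review bot: The added `secure: false` in `cookieOptions` hard-codes the CSRF cookie as sendable over plain HTTP in every environment, so on any deployment reachable without TLS the double-submit secret travels in cleartext, and `httpOnly`/`sameSite: "strict"` do not compensate for that. If the intent is to make local development over plain HTTP work, gate it on the environment instead, e.g. `secure: process.env.NODE_ENV === "production"`, and add a short comment saying why the flag is ever disabled. The configuration call this object belongs to starts and ends outside the hunk, so whether a TLS-terminating proxy sits in front of the app cannot be seen from here.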