diff --git a/server/routes/auth.ts b/server/routes/auth.ts
index 013b5b03b..1ddfaa3b9 100644
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -421,7 +421,7 @@ authRoutes.get('/oidc-login', async (req, res, next) => {
   res.cookie('oidc-state', state, {
     maxAge: 60000,
     httpOnly: true,
-    secure: true,
+    secure: req.protocol === 'https',
   });
   return res.redirect(redirectUrl);
 });