diff --git a/IRaCIS.Core.API/Controllers/ExtraController.cs b/IRaCIS.Core.API/Controllers/ExtraController.cs
index d5d0d43b1..3722593db 100644
--- a/IRaCIS.Core.API/Controllers/ExtraController.cs
+++ b/IRaCIS.Core.API/Controllers/ExtraController.cs
@@ -118,8 +118,8 @@ namespace IRaCIS.Api.Controllers
                 {
                     Expires = DateTime.Now.AddMonths(1),
                     HttpOnly = true, // 确保 cookie 只能通过 HTTP 访问
-                    SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None, // 设置 SameSite 属性
-                    Secure = true // 确保 cookie 只能通过 HTTPS 访问
+                    SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified, // 设置 SameSite 属性
+                    Secure = false // 确保 cookie 只能通过 HTTPS 访问
                 };
 
                 HttpContext.Response.Cookies.Append("access_token", returnModel.Data.JWTStr, option);