diff --git a/users/views.py b/users/views.py
index 0d5d232..b70013f 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,3 +1,5 @@
+from django.conf import settings
+
 from django.shortcuts import get_object_or_404
 
 from rest_framework.views import APIView
@@ -28,7 +30,7 @@ class RefreshAPIView(APIView):
             serializer = TokenRefreshSerializer(data={'refresh': refresh})
             if serializer.is_valid():
                 res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
-            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
             return res
         except TokenError as e:
             return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -75,7 +77,7 @@ class LoginAPIView(APIView):
                     },
                     status=status.HTTP_200_OK,
                 )
-                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
                 return res
             else:
                 return Response(serializer.errors)