update

app/core/security.py

@@ -26,7 +26,7 @@ def set_jwt_cookie(response: Response, token: str):
         key="access_token",
         value=f"Bearer {token}",
         httponly=True,  # 防止JavaScript访问
-        secure=not settings.DEBUG,  # 生产环境使用HTTPS
+        # secure=not settings.DEBUG,  # 生产环境使用HTTPS
         samesite="lax",  # CSRF保护
         max_age=None if settings.ACCESS_TOKEN_EXPIRE_MINUTES is None 
                else settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60
@@ -37,7 +37,7 @@ def clear_jwt_cookie(response: Response):
     response.delete_cookie(
         key="access_token",
         httponly=True,
-        secure=not settings.DEBUG,
+        # secure=not settings.DEBUG,
         samesite="lax"
     )