app/controllers/application_controller.rb

@@ -59,7 +59,7 @@ class ApplicationController < ActionController::Base
   def set_csrf_cookie
     cookies['csrf-token'] = {
       value: form_authenticity_token,
-      secure: Rails.env.production?,
+      secure: false,
       same_site: :strict
     }
   end