diff --git a/stealer/settings.py b/stealer/settings.py
index 04652a8..15b0bda 100644
--- a/stealer/settings.py
+++ b/stealer/settings.py
@@ -34,6 +34,10 @@
 CORS_ALLOW_CREDENTIALS = True  # 指明在跨域访问中，后端是否支持对cookie的操作。
 CORS_ORIGIN_ALLOW_ALL = True
 
+SECURE_SSL_REDIRECT = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+
 CORS_ALLOW_METHODS = (
     'DELETE',
     'GET',