diff --git a/Moonlight.Api/Configuration/OidcOptions.cs b/Moonlight.Api/Configuration/OidcOptions.cs
index a99cda3d..bf7c0625 100644
--- a/Moonlight.Api/Configuration/OidcOptions.cs
+++ b/Moonlight.Api/Configuration/OidcOptions.cs
@@ -4,6 +4,7 @@ public class OidcOptions
 {
 public string Authority { get; set; }
 public bool RequireHttpsMetadata { get; set; } = true;
+ public bool DisableHttpsOnlyCookies { get; set; }
 public string ResponseType { get; set; } = "code";
 public string[]? Scopes { get; set; }
 public string ClientId { get; set; }
diff --git a/Moonlight.Api/Startup/Startup.Auth.cs b/Moonlight.Api/Startup/Startup.Auth.cs
index 03560c09..2b42c4d9 100644
--- a/Moonlight.Api/Startup/Startup.Auth.cs
+++ b/Moonlight.Api/Startup/Startup.Auth.cs
@@ -74,6 +74,12 @@ public partial class Startup
 options.Authority = oidcOptions.Authority;
 options.RequireHttpsMetadata = oidcOptions.RequireHttpsMetadata;
+ if (oidcOptions.DisableHttpsOnlyCookies)
+ {
+ options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ }
+ var scopes = oidcOptions.Scopes ?? ["openid", "email", "profile"];
 options.Scope.Clear();
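Review bot: `DisableHttpsOnlyCookies` is added to OidcOptions with no XML doc comment, so an operator reading the options class has no way to tell that setting it true downgrades the OIDC nonce and correlation cookies to `CookieSecurePolicy.SameAsRequest` (the Startup.Auth.cs hunk), which allows those cookies to be issued without the Secure attribute on plain-HTTP requests. The property name also overstates the effect slightly, since SameAsRequest still marks the cookies Secure when the request itself is HTTPS; the doc comment should say what the policy actually becomes and that the flag is meant for local non-TLS development rather than production. Suggested comment above the property: `/// <summary>When true, the OIDC nonce and correlation cookies use <c>CookieSecurePolicy.SameAsRequest</c> instead of requiring HTTPS.</summary>` followed by `/// <remarks>Defaults to false. Intended only for local development without TLS; leave false in production.</remarks>`. For symmetry with the neighbouring `RequireHttpsMetadata = true` initializer, making the safe default explicit with `public bool DisableHttpsOnlyCookies { get; set; } = false;` would also document the intent at a glance.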