diff --git a/kiloclaw/src/routes/access-gateway.ts b/kiloclaw/src/routes/access-gateway.ts
index 0d8f77773..305cc9617 100644
--- a/kiloclaw/src/routes/access-gateway.ts
+++ b/kiloclaw/src/routes/access-gateway.ts
@@ -230,7 +230,7 @@ accessGatewayRoutes.post('/kilo-access-gateway', async c => {
   setCookie(c, KILOCLAW_AUTH_COOKIE, token, {
     path: '/',
     httpOnly: true,
-    secure: new URL(c.req.url).protocol === 'https:',
+    secure: c.env.WORKER_ENV !== 'development',
     sameSite: 'Lax',
     maxAge: KILOCLAW_AUTH_COOKIE_MAX_AGE,
   });