diff --git a/internal/middleware/csrf.go b/internal/middleware/csrf.go
index 14df31d..29d2204 100644
--- a/internal/middleware/csrf.go
+++ b/internal/middleware/csrf.go
@@ -28,7 +28,7 @@ func SetCSRFToken(w http.ResponseWriter, r *http.Request, token string) {
 Name: CSRFTokenCookieName,
 Value: token,
 Path: "/",
- HttpOnly: true,
+ HttpOnly: false,
 Secure: IsHTTPS(r),
 SameSite: http.SameSiteLaxMode,
 MaxAge: 3600,
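Review bot: Flipping `HttpOnly` to `false` on the CSRF cookie in `SetCSRFToken` makes the token readable by every script running on the origin, and the hunk carries no comment saying why that is intended. If the goal is a double-submit scheme where front-end code copies the cookie into a request header (an inference; the code that reads the cookie is not in this hunk), say so on the field, e.g. `// HttpOnly off: client JS reads this token and echoes it in a header; validated server-side against the session`, and confirm that the server check binds the token to the session rather than only comparing cookie to header. Otherwise consider keeping `HttpOnly: true` and handing the token to the page through a response header or a rendered meta tag. The cookie literal and the rest of the function continue outside the hunk, so the validation side could not be checked here.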