diff --git a/server/route/api/v2/auth_service.go b/server/route/api/v2/auth_service.go
index 40d37b28..e7ea805d 100644
--- a/server/route/api/v2/auth_service.go
+++ b/server/route/api/v2/auth_service.go
@@ -248,11 +248,17 @@ func (s *APIV2Service) buildAccessTokenCookie(ctx context.Context, accessToken s
 } else {
 attrs = append(attrs, "Expires="+expireTime.Format(time.RFC1123))
 }
- workspaceGeneralSetting, err := s.Store.GetWorkspaceGeneralSetting(ctx)
- if err != nil {
- return "", errors.Wrap(err, "failed to get workspace setting")
+
+ md, ok := metadata.FromIncomingContext(ctx)
+ if !ok {
+ return "", errors.New("failed to get metadata from context")
 }
- if strings.HasPrefix(workspaceGeneralSetting.InstanceUrl, "https://") {
+ var origin string
+ for _, v := range md.Get("origin") {
+ origin = v
+ }
+ isHTTPS := strings.HasPrefix(origin, "https://")
+ if isHTTPS {
 attrs = append(attrs, "SameSite=None")
 attrs = append(attrs, "Secure")
 } else {
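Review bot: The `Secure` and `SameSite=None` attributes on the access-token cookie are now decided by the `origin` metadata value, which the client supplies and which can be absent (non-browser gRPC clients, or browser requests that omit the header), so on an HTTPS deployment an empty `origin` falls into the `else` branch and the cookie is presumably issued without `Secure`. Consider treating the header as a hint only and keeping a server-side signal as the floor, for example by retaining the `InstanceUrl` lookup and using `isHTTPS := strings.HasPrefix(origin, "https://") || strings.HasPrefix(workspaceGeneralSetting.InstanceUrl, "https://")`. The loop `for _, v := range md.Get("origin")` silently keeps the last of several values; reading the single expected value and rejecting duplicates would be easier to reason about. The `else` branch and the rest of `buildAccessTokenCookie` lie outside the hunk, so the exact fallback attributes should be confirmed there.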