From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
bean-validation
fragment
pgfplots
tf-agent
wso2carbon
coverflow
refcounting
m3u
client-side-validation
eval
jsdoc
payflowlink
measurestring
simplecov
react-dropdown-tree-select
react-native-view-shot
pose
ngx-admin
laravel-jwt
ng-class
mapbox-android-maps
horde
precompiled-headers
graph-explorer
viro-react
metal-performance-shaders
hotfix
gitlab-pages
apt-key
cumulus
