From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
contentful-management
spree-auth-devise
progress
yii2-extension
veins
apiary
core-media
anypoint-studio
storage-duration
android-tabbed-activity
camel-cxf
iddcx
file-move
pyrender
libphonenumber
ocamlbuild
xamarin.forms.entry
zio-http
wherehas
openkinect
apache-hudi
adminer
libpfm4
html-imports
.net-6.0
binary-heap
blurry
prelaunch
alibaba-cloud-direct-mail
libhdfs
