From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
apigee127
android-asynclistdiffer
python-turtle
rspec-api-documentation
vscoq
nimbus
single-file-generator
basehttprequesthandler
r-whisker
common-lisp
gravitee
agroal
web-config-transform
plotly
raku
teamcity-9.0
turing-machines
ab-initio
zbar
aad-b2c
gitaly
formatmessage
baseline
formsflow
aws-sdk-ios
cpu
react-responsive
email-confirmation
calligraphy
rust-goblin