I'm trying to figure out how to set the HttpOnly attribute for the set-cookie header, specifically for native NodeJS.
Right now, I have this code, but it doesn't work because I can still access the cookies with client side javascript.
response.setHeader('Set-Cookie', ['HttpOnly']);