I’m sending a request from postman to my rest API
in the request header, I’m setting a cookie that holds an access token string and setting it as http-only
however, when i send it and inspect the console view i can see the cookie value
Is this valid? cause from what I know when setting the http-only attribute only the server has access to the cookie content.
is this just because I’m using postman ?
thanks for the help