Refresh token middleware security

[HarshDobariya79]

Description

• Currently the refresh token middleware is expecting the refresh token to be passed in the request body.
• It is XSS security vulnerability if the frontend javascript code can access the refresh token.
• The refresh token should be stored in the httpOnly secure cookies to make sure the frontend javascript code can't access that.
• Since the frontend code can't access the refresh token, we need to obtain it from the cookies in the backend.
• The task is to get the refresh token from the request cookies and not from the request body.

[HarshDobariya79]

@het4399 can you take it up?

[het4399]

Yes,Can you assign me?