patheard
commented
1 year ago I double checked and everything is working nicely for me locally:
The Mozilla dev docs are also saying this is expected so perhaps it is a newer browser thing to allow it: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies
Summary
Update the cookie so that it can no longer sent in plaintext with unecrypted requests.
Related