Prevent javascript access to auth cookie

Author: AuroraLS3

Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/http/RequestHandler.java

@@ -124,7 +124,7 @@ private Response processFailedAuthentication(InternalRequest internalRequest, @U
             String directTo = Strings.CI.startsWithAny(from, "/auth/", "/login") ? "/login" : "/login?from=." + from;
             return Response.builder()
                     .redirectTo(directTo)
-                    .setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=0; SameSite=Lax; Secure;")
+                    .setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=0; SameSite=Lax; Secure; HTTPOnly;")
                     .build();
         }
     }

Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/resolver/auth/LoginResolver.java

@@ -88,7 +88,7 @@ public Optional<Response> resolve(Request request) {
     public Response getResponse(String cookie) {
         return Response.builder()
                 .setStatus(200)
-                .setHeader("Set-Cookie", "auth=" + cookie + "; Path=/; Max-Age=" + ActiveCookieStore.getCookieExpiresAfterMs() + "; SameSite=Lax; Secure;")
+                .setHeader("Set-Cookie", "auth=" + cookie + "; Path=/; Max-Age=" + ActiveCookieStore.getCookieExpiresAfterMs() + "; SameSite=Lax; Secure; HTTPOnly;")
                 .setJSONContent(Collections.singletonMap("success", true))
                 .build();
     }

Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/resolver/auth/LogoutResolver.java

@@ -80,7 +80,7 @@ public Optional<Response> resolve(@Untrusted Request request) {
     public Response getResponse() {
         return Response.builder()
                 .redirectTo("/login")
-                .setHeader("Set-Cookie", "auth=expired; Max-Age=0; SameSite=Lax; Secure;")
+                .setHeader("Set-Cookie", "auth=expired; Max-Age=0; SameSite=Lax; Secure; HTTPOnly;")
                 .build();
     }
 }