fix: allow secure cookie with httpOnly flag in refresh token

Author: Aldiwildan77

handler/http/discord.go

@@ -75,6 +75,7 @@ func (d *discordHandler) RefreshToken(c echo.Context) error {
 		cookie.Secure = !isLocalhost
 		cookie.Domain = d.cfg.Discord.RedirectDomain
 		cookie.Path = "/"
+		cookie.HttpOnly = true
 		cookie.SameSite = http.SameSiteLaxMode
 
 		c.SetCookie(cookie)