refactor: set HttpOnly for debug mode too

Endpoint/Controllers/Configuration/SetupController.cs

@@ -75,9 +75,9 @@ public partial class SetupController(
         {
             Path = UrlHelper.GetSubPathWithoutFirstApiName + "api",
             Domain = HttpContext.GetCurrentDomain(),
+            HttpOnly = true,
 #if !DEBUG
-            Secure = true,
-            HttpOnly = true
+            Secure = true
 #endif
         });
         return Ok(true);

Endpoint/Controllers/V1/AuthController.cs

@@ -31,9 +31,9 @@ public class AuthController(IOptionsSnapshot<Admin> user, AuthService auth, Pass
             Expires = expires,
             Path = UrlHelper.GetSubPathWithoutFirstApiName + "api",
             Domain = HttpContext.GetCurrentDomain(),
+            HttpOnly = true,
 #if !DEBUG
-            Secure = true,
-            HttpOnly = true
+            Secure = true
 #endif
         };
 
@@ -49,9 +49,9 @@ public class AuthController(IOptionsSnapshot<Admin> user, AuthService auth, Pass
     [ApiExplorerSettings(IgnoreApi = true)]
     public void OnActionExecuting(ActionExecutingContext context)
     {
-        Ip = context.HttpContext.Connection.RemoteIpAddress?.ToString()!;
-        UserAgent = context.HttpContext.Request.Headers.UserAgent.ToString();
-        Fingerprint = context.HttpContext.Request.Cookies["user_key"] ?? string.Empty;
+        Ip = HttpContext.Connection.RemoteIpAddress?.ToString()!;
+        UserAgent = Request.Headers.UserAgent.ToString();
+        Fingerprint = Request.Cookies["user_key"] ?? string.Empty;
         RefreshToken = Request.Cookies["refresh_token"] ?? string.Empty;
 
         if (!string.IsNullOrWhiteSpace(Fingerprint)) return;