Is it possible to access a JWT token stored in an HttpOnly cookie using Nookies? If the API base path and browser base path are the same, the HttpOnly cookie is automatically included in the request headers. In such a case, is it more secure to avoid explicitly passing the token in the Authorization header?