express-openapi-validator
fix: add cookie support for HTTP bearer authentication
Overview
In my project, we use HTTP-only cookies exclusively for sending authentication tokens, and the Authorization header is not required. I encountered issues with the current validateHttp() implementation because it only validates tokens in the Authorization header. To address this, I made a minor adjustment to check for tokens in both the Authorization header and cookies.
Changes
- Updated validateHttp() to look for bearer tokens in cookies, in addition to the Authorization header.
Reason for Change
Typically, HTTP authentication relies on the Authorization header, as token-based authentication often uses headers according to REST API standards. However, when using HTTP-only cookies—especially in setups that employ CSRF protection—this is a common approach for managing tokens.
I’ve made these changes to provide more flexibility for projects that use cookies for authentication. I wanted to propose this adjustment and get feedback on whether this approach aligns with broader use cases or if there are other considerations.
I didn't even touch the associated test code for quick post-application feedback!
Let me know your thoughts on this modification!
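A minimal version of the check this PR describes, as an added example that is not the PR's diff and not express-openapi-validator's own validateHttp(): the Authorization header is consulted first and a named cookie is used as the fallback. The cookie name `access_token` and the request shape are assumptions.

```javascript
// Added example: resolve a bearer token from the Authorization header or a cookie.
// Models the PR's idea; it is not the library's real validateHttp().
const COOKIE_NAME = 'access_token'; // assumption: the project's token cookie name

// Parse a raw Cookie header into a name -> value map. Values are URL-decoded;
// malformed pairs without '=' are skipped rather than rejected.
function parseCookies(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    const raw = part.slice(idx + 1).trim();
    try {
      out[name] = decodeURIComponent(raw);
    } catch {
      out[name] = raw;
    }
  }
  return out;
}

// Returns { token, source } or null. The header wins so existing header-based
// clients behave as before; the scheme match is case-insensitive as in RFC 7235,
// and an empty credential counts as absent.
function getBearerToken(req) {
  const auth = req.headers['authorization'];
  if (typeof auth === 'string') {
    const m = /^Bearer\s+(\S+)$/i.exec(auth.trim());
    if (m) return { token: m[1], source: 'header' };
  }
  // Browsers attach cookies automatically, so a cookie-sourced token must be
  // paired with CSRF protection (as the PR text notes) to be safe.
  const fromCookie = parseCookies(req.headers['cookie'])[COOKIE_NAME];
  if (fromCookie) return { token: fromCookie, source: 'cookie' };
  return null;
}

// Security-scheme check in the shape the PR targets: fail closed when neither
// location carries a bearer token, so the "http: bearer" requirement still holds.
function validateHttpBearer(req) {
  const found = getBearerToken(req);
  if (!found) {
    return { ok: false, status: 401, message: 'bearer token required in Authorization header or cookie' };
  }
  return { ok: true, ...found };
}
```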