actix-identity: Documentation of http_only() seems incorrect

[puzzlepaint]

The comment on CookieIdentityPolicy::http_only() says "By default, the HttpOnly attribute is omitted from issued cookies":

actix-extras/actix-identity/src/cookie.rs

Line 259 in 5605178

/// By default, the `HttpOnly` attribute is omitted from issued cookies.

However, it seems to me that the http_only Option defaults to None here in new():

actix-extras/actix-identity/src/cookie.rs

Line 59 in 5605178

http_only: None,

And if the option is None, then the flag is set to true here:

actix-extras/actix-identity/src/cookie.rs

Line 85 in 5605178

cookie.set_http_only(true);

And won't be changed here:

actix-extras/actix-identity/src/cookie.rs

Line 95 in 5605178

if let Some(http_only) = self.http_only {

Unless I am overlooking something, it thus seems to me that the documentation is incorrect and should say that the HttpOnly attribute is set by default (or the behavior should be changed to match the documentation).