Is there any way to disable httponly using config.php?
$config['cookie']['httponly'] = 'false';
Found a way to disable it direct in the code (setcookie in session.php), but it would be nice if there would be a way directly in the config file
I think you'll have to continue with code changes for it - it's a reasonable security feature so I don't see any reason to allow it to be disabled. You'd run into your issue with any PHP app that uses it (that doesn't write its own cookie sending function).