Cookies are still getting sent over the http network when secure:true is set in the cookie

I have made a local node server for login verification. Server sends the cookies with property httpOnly and secure both set to true. How is server sending me the cookies if it's running in localhost which is http.

res.cookie("token", JWTToken, { httpOnly: true }, { secure: true }).send("cookies are sent");