The issue you’re encountering is because the cookie XSRF-TOKEN has its HttpOnly attribute set to true, whereas it should be set to false.
There’s probably something in your configuration that sets all HttpOnly attributes to true. You need to update this in order to leave this value at false for XSRF-TOKEN.
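
An added example, not part of the original answer: a small audit of `Set-Cookie` header values that flags `XSRF-TOKEN` when it carries `HttpOnly` (which hides it from `document.cookie`) and also flags any other cookie that lost `HttpOnly`, so the configuration change can exempt the token without relaxing everything else. The sample headers, the `SESSION` cookie name and the function names are constructed for illustration.

```javascript
// Constructed sample Set-Cookie header values (not taken from the post).
const sampleSetCookie = [
  "SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "XSRF-TOKEN=constructed-token-value; Path=/; Secure; HttpOnly",
];

// Assumption: the CSRF token is the only cookie client script has to read.
const SCRIPT_READABLE = new Set(["XSRF-TOKEN"]);

// Parse one Set-Cookie value into { name, value, attrs }.
// Attribute names are case-insensitive, so they are lower-cased.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) return null; // no cookie name: skip the malformed line
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : p.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1), attrs };
}

// Return one finding per cookie whose HttpOnly flag is the wrong way round.
function auditHttpOnly(headers) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!c) continue;
    const httpOnly = c.attrs.has("httponly");
    const readable = SCRIPT_READABLE.has(c.name);
    if (readable && httpOnly) {
      findings.push({ cookie: c.name, problem: "HttpOnly set; script cannot read the token" });
    } else if (!readable && !httpOnly) {
      findings.push({ cookie: c.name, problem: "HttpOnly missing on a cookie script does not need" });
    }
  }
  return findings;
}

console.log(auditHttpOnly(sampleSetCookie));
```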