I guess you are using session authentication so in that case you have to append withCredentials: true
option to every request.
Consider creating interceptor that does this to every request.
Example: Angular 4 - setting withCredentials on every request - cors cookie