So not sure what exactly fixed this, but I had to add credentials="include" to the http GET towards the server and also adjusted the cookie values for SameSite and Secure (as this is not allowed SameSite: http.SameSiteNoneMode and Secure: false) and it's finally working. Thank you Brits!