Ok, here's the update of the problem.
I dont know exactly what cause this. so I change the method. Instead of storing in cookies, I store the auth token in session storage. The rest are same, fetching get/me with the token that store in session storage.

I stil don't know, why storing in cookies make 400 bad request after refresh the page 🤔