Hi anyone who would be willing to help,
I'm using a refresh/access token system for authenticating requests for my C# API, but I am having a problem with my HttpOnly refresh token cookie not being present in the request header from my React frontend.
Say a user uses the login endpoint: they will get back an access token in the payload and then an HttpOnly refresh token cookie set in the browser like this:
Response.Cookies.Append(
    key: refreshTokenKey,
    value: _jwtTokenManager.GenerateToken(account.Id, TokenType.Refresh),
    options: new CookieOptions
    {
        HttpOnly = true,                 // not readable from page JavaScript
        Secure = true,                   // only sent over https
        SameSite = SameSiteMode.None     // allowed on cross-site requests (requires Secure)
    });
return Ok(response);
This appears to be working fine because the response header has a Set-Cookie section, which indicates it is being set in the browser, as shown in the following picture:

The problem arises when I send the following axios request from React:
import axios from 'axios'

const refresh = async () => {
    // Relative URL: axios resolves it against its configured baseURL, or against the page origin if none is set
    const response = await axios.get(`/Accounts/refresh/${account?.id}`, {
        withCredentials: true // ask the browser to attach cookies to this cross-origin request
    })
    console.log(response)
    // Overwrite the old access token with the new one
    setAccount(previousState => ({ ...previousState, accessToken: response.data.accessToken }))
    return response.data.accessToken
}
This results in the following 400 status being sent back from my API, indicating that the HttpOnly cookie is not present in the refresh request:

The refresh endpoint looks like this:
[HttpGet("refresh/{id:guid}")]
public IActionResult RefreshAccessToken(string id)
{
    // Log the raw Cookie header so it is visible whether the browser sent anything at all
    string cookiesHeader = Request.Headers["Cookie"];
    Console.WriteLine("Cookie Header: " + cookiesHeader);

    Request.Cookies.TryGetValue(refreshTokenKey, out string refreshToken);
    if (string.IsNullOrEmpty(refreshToken))
    {
        return BadRequest("refresh token not present");
    }
    if (_jwtTokenManager.VerifyToken(refreshToken, TokenType.Refresh) == false)
    {
        return BadRequest("refresh token not valid");
    }

    // Generate a new access token and send it back.
    // Note: the account id comes from the route, not from the verified refresh token,
    // so nothing here ties the new access token to the account the cookie was issued for.
    string newAccessToken = _jwtTokenManager.GenerateToken(id, TokenType.Access);
    return Ok(new { accessToken = newAccessToken });
}
and my API's CORS settings look like this:
builder.Services.AddCors(options =>
{
    options.AddPolicy(name: PolicyName, policy =>
    {
        policy.WithOrigins("https://localhost:3000")   // exact origin, no wildcard
              .AllowAnyMethod()
              .AllowAnyHeader()
              .AllowCredentials();                      // needed for cookies on cross-origin requests
    });
});
This is all indicating to me that the request is not including the HttpOnly refresh cookie, and I'm struggling to see what I'm missing, so if any kind soul out there could help me figure it out, that would be greatly appreciated! <3
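An added example, not code from the original post, that models the browser rules deciding whether an HttpOnly refresh cookie is attached to a credentialed axios request. It lets the usual culprits be checked offline: a relative URL that resolves against the page origin rather than the API, a cross-origin request without `withCredentials`, a `SameSite`/`Secure` combination the browser refuses to send cross-site, and a CORS response that does not echo the exact origin with `Access-Control-Allow-Credentials: true`. The page origin is the one from the post; the API origin `https://localhost:7001`, the account id in the path, the `Set-Cookie` line and the response headers are constructed for illustration.

```javascript
// Added example (not from the original post): models why a cross-origin,
// credentialed request might arrive at the API without its refresh cookie.
// Origins, the account id and the Set-Cookie line below are constructed.

// Parse one Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attributes = {};
  for (const attr of rest) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// "Same site" approximated as same scheme + same hostname. Browsers compare
// registrable domains, which makes no difference for localhost.
function isSameSite(a, b) {
  return a.protocol === b.protocol && a.hostname === b.hostname;
}

// Returns the reasons (if any) the cookie would NOT be sent on the request.
function cookieProblems({ setCookie, apiOrigin, pageOrigin, requestUrl, baseURL, withCredentials }) {
  const problems = [];
  const cookie = parseSetCookie(setCookie);
  const api = new URL(apiOrigin);
  const page = new URL(pageOrigin);
  // axios resolves a relative URL against baseURL, else against the page origin.
  const target = new URL(requestUrl, baseURL || pageOrigin);

  if (target.origin !== api.origin) {
    problems.push(`request goes to ${target.origin}, not to the API at ${api.origin}`);
  }
  // Cookies are scoped by host (not port); the Domain attribute is ignored here.
  if (target.hostname !== api.hostname) {
    problems.push(`cookie for ${api.hostname} is not eligible for ${target.hostname}`);
  }
  const secure = Boolean(cookie.attributes.secure);
  const mode = String(cookie.attributes.samesite || "lax").toLowerCase();
  if (secure && target.protocol !== "https:") {
    problems.push("Secure cookie is not sent over http");
  }
  if (mode === "none" && !secure) {
    problems.push("SameSite=None is rejected by browsers unless Secure is also set");
  }
  if (target.origin !== page.origin && !withCredentials) {
    problems.push("cross-origin request without withCredentials carries no cookies");
  }
  if (!isSameSite(target, page) && mode !== "none") {
    problems.push(`SameSite=${mode} cookie is not sent on a cross-site request`);
  }
  return { cookieName: cookie.name, target: target.href, problems };
}

// Server side of the same handshake: a credentialed CORS response must echo the
// exact page origin (never "*") and send Access-Control-Allow-Credentials: true.
function corsProblems(responseHeaders, pageOrigin) {
  const h = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v])
  );
  const problems = [];
  if (h["access-control-allow-origin"] !== pageOrigin) {
    problems.push(`Access-Control-Allow-Origin must be exactly ${pageOrigin}`);
  }
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials: true is missing");
  }
  return problems;
}

// Constructed Set-Cookie line in the shape ASP.NET Core emits for the options in the post.
const SET_COOKIE = "refreshToken=eyJhbGciOi.constructed.signature; path=/; secure; samesite=none; httponly";
const PAGE = "https://localhost:3000";
const API = "https://localhost:7001"; // assumed API origin
const REFRESH_PATH = "/Accounts/refresh/0f8fad5b-d9cb-469f-a165-70867728950e"; // constructed id

// The request as written in the post: relative URL, no baseURL configured.
const relative = cookieProblems({ setCookie: SET_COOKIE, apiOrigin: API, pageOrigin: PAGE,
  requestUrl: REFRESH_PATH, withCredentials: true });
// The same request with axios pointed at the API.
const absolute = cookieProblems({ setCookie: SET_COOKIE, apiOrigin: API, pageOrigin: PAGE,
  requestUrl: REFRESH_PATH, baseURL: API, withCredentials: true });

console.log(relative);
console.log(absolute);
```

Run it with `node` and compare the `target` field of the two results against the API URL you expect the browser to hit; the `problems` array is empty only when the request goes to the API host, over https, with credentials, and with a `SameSite=None; Secure` cookie (or a same-site request for `Lax`/`Strict`).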