I have a request DELETE /refresh in my node express application. It is able to read HTTP-only cookies. If I re-write it to a POST request then the application can no longer read the value of the token, and sees it as undefined.
I notice this behavior when I call the server using React/axios. If I make the calls from visual studio / REST Client then both POST and DELETE work fine.
As it turns out, axios.delete and axios.post don't take the same arguments.
{withCredentials: true } was being passed as body instead of being used as intended.