Unable to download project avatar using personal access token

Summary

I receive 401 error when I try to download avatar for private project using my personal access token with api, read_user, read_repository permissions

Steps to reproduce

1. Create private project
2. Create personal access token (https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
3. Get avatar url for your project (using API or just "Copy Image Link" in your browser)
4. Request avatar from command line using personal access token:

> curl -fL -H 'Authorization: Bearer YOUR_TOKEN' 'https://gitlab.com/uploads/-/system/project/avatar/SOMENUMBERS/SOMELETTERS.png'
curl: (22) The requested URL returned error: 401 Unauthorized

What is the current bug behavior?

curl: (22) The requested URL returned error: 401 Unauthorized

What is the expected correct behavior?

Correct response for this request can be

Warning: Binary output can mess up your terminal. Use "--output -" to tell 
Warning: curl to output it to your terminal anyway, or consider "--output 
Warning: <FILE>" to save to a file.

I received it when tried

curl -fL -H 'Cookie: _gitlab_session=COOKIE_FROM_MY_BROWSER' 'https://gitlab.com/uploads/-/system/project/avatar/SOMENUMBERS/SOMELETTERS.png'

Output of checks

This bug happens on self-hosted installation and on GitLab.com