After the recent changes to how CORS works with Azure (https://docs.microsoft.com/answers/questions/6842/announcement-samesite-cookie-handling-and-net-fram.html) our site is no longer working, and I can't find out why.
The web.config contains the following under customHeaders:-
<add name="Access-Control-Allow-Origin" value="*"/>
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, Authorization"/>
<add name="Access-Control-Allow-Methods" value="*"/>
<add name="Access-Control-Allow-Credentials" value="true" />
(I have tried every combination of entries for the above I've found, using *, specifics, with and without some of the lines etc)
And as suggested in the above link I added:-
<add key="aspnet:SuppressSameSiteNone" value="true" /> to appSettings
<forms cookieSameSite="None" /> to authentication
<sessionState cookieSameSite="None" /> to system.web
On the Azure Portal I have enabled CORS with an Allowed Origin of *
The site loads items from subdomains of itself, rather than from other sites (e.g. if the User is logged in to the URL 'bob.website.com' it will load bits from 'x.website.com', 'y.website.com' and 'z.website.com').
It worked on Azure prior to this change, and still works if I publish it to other hosts.
Anyone able to point me to what else I need to do to get this working again please?