We have a form that is using asp.net core AntiForgery validation.
Recently encountered an issue with a form on the site hosted on www.domain.ie
not being able to POST
to the API at api.domain.co.uk
due to AntiForgery validation.
The recommendation from the team who implemented this is to set sameSite=none
on the AntiForgery token cookie.
I'm not familiar with Antiforgery validation but this seems like it would negate the purpose of using it. Is that the case?