We have a form that is using asp.net core AntiForgery validation.

Recently encountered an issue with a form on the site hosted on www.domain.ie not being able to POST to the API at api.domain.co.uk due to AntiForgery validation.

The recommendation from the team who implemented this is to set sameSite=none on the AntiForgery token cookie.

I'm not familiar with Antiforgery validation but this seems like it would negate the purpose of using it. Is that the case?

Fishcake

1 Answer

No, it won't negate the purpose of using it, since the framework's Antiforgery validation mechanism will remain the same. The SameSite attribute should not replace having a CSRF token. Instead, it should co-exist with that token in order to protect the user in a more robust way (cf. https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#samesite-cookie-attribute).

What you should keep in mind though, is:

  1. Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context/HTTPS).
  2. Chrome 85 doesn't allow insecure SameSite=None cookies.

Soufiane Tahiri
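The configuration the answer describes, as an added example that is not part of the question or the answer: the weak form (SameSite=None without Secure, which the browser rejects) beside the corrected one, plus an endpoint that issues the request token and one that validates it, so it is visible that the cookie alone never satisfies the check. It assumes ASP.NET Core minimal hosting in `Program.cs`; `AddAntiforgery`, `CookieBuilder`, `IAntiforgery.GetAndStoreTokens` and `IsRequestValidAsync` are framework APIs, while the cookie name, header name, and the `/antiforgery/token` and `/submit` routes are constructed for illustration.

```csharp
// Added example (Program.cs, ASP.NET Core minimal hosting). Not the site's own code.
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// WEAK (left commented out): SameSite=None without forcing Secure. Browsers,
// Chrome 85+ among them, drop an insecure SameSite=None cookie, so the
// antiforgery cookie is never stored and every cross-site POST fails validation.
// builder.Services.AddAntiforgery(o => o.Cookie.SameSite = SameSiteMode.None);

// CORRECTED: SameSite=None together with Secure. The cookie now travels with a
// POST from www.domain.ie to api.domain.co.uk, but the request must still carry
// the paired request token (form field or header); the CSRF check is unchanged.
builder.Services.AddAntiforgery(options =>
{
    options.Cookie.Name = ".Example.Antiforgery";        // constructed name
    options.Cookie.SameSite = SameSiteMode.None;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // cookie only over HTTPS
    options.Cookie.HttpOnly = true;                      // script cannot read the cookie half
    options.HeaderName = "X-CSRF-TOKEN";                 // constructed header for the token half
});

var app = builder.Build();
app.UseHttpsRedirection();

// Issues a token pair: the cookie half is set on the response, the request half
// is returned to the caller, which must send it back in the header or form field.
app.MapGet("/antiforgery/token", (IAntiforgery antiforgery, HttpContext ctx) =>
{
    AntiforgeryTokenSet tokens = antiforgery.GetAndStoreTokens(ctx);
    return Results.Ok(new { token = tokens.RequestToken, header = tokens.HeaderName });
});

// Validates the pair explicitly. A request that carries only the cookie (what a
// cross-site forgery could achieve with SameSite=None) still fails here because
// the request token is missing or does not match the cookie token.
app.MapPost("/submit", async (IAntiforgery antiforgery, HttpContext ctx) =>
{
    bool valid = await antiforgery.IsRequestValidAsync(ctx);
    return valid
        ? Results.Ok("antiforgery validation passed")
        : Results.BadRequest("antiforgery validation failed: missing or mismatched token");
});

app.Run();
```

A browser client on www.domain.ie first calls `/antiforgery/token` with credentials included, then sends the returned token in the `X-CSRF-TOKEN` header (or the form field) on the POST to `/submit`. Because the request half is only obtainable by a page that can read the API's response, a third-party site that merely triggers the browser to send the cookie cannot pass the check, which is why relaxing SameSite on the cookie does not remove the protection the token provides.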