Spent an absolutely infuriating day fighting my OIDC implementation because direct sign-in was working, but hitting an [Authorize]'d endpoint kept ending up in a redirect loop. Turns out Same-Site cookies also look at the Referer domain in redirects! https://www.nogginbox.co.uk/blog/strict-cookies-not-sent-by-request I cannot thank you enough for writing this up, @nogginbox
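
A simplified model of the behaviour the post describes, added here as an illustration (it is not code from the post or from the linked write-up): a navigation that starts on the identity provider's page stays cross-site through every redirect, so a `SameSite=Strict` session cookie set by the callback is not attached to the next hop. Hostnames, paths and function names are hypothetical, and site matching uses the last two host labels where browsers use the Public Suffix List.

```python
from urllib.parse import urlsplit

APP = "https://shop.app.example"    # hypothetical relying party
IDP = "https://login.idp.example"   # hypothetical identity provider

def site(url):
    """Scheme plus last two host labels (assumption: stands in for the Public Suffix List)."""
    u = urlsplit(url)
    return u.scheme, ".".join(u.hostname.split(".")[-2:])

def cookie_attached(samesite, initiator_url, target_url, method="GET"):
    """Would a browser attach the cookie on this top-level navigation?"""
    if site(initiator_url) == site(target_url):
        return True                          # same-site: always attached
    if samesite == "Strict":
        return False                         # never on cross-site initiated navigations
    if samesite == "Lax":
        return method in ("GET", "HEAD")     # safe top-level methods only
    return samesite == "None"

def run_flow(samesite, max_hops=8):
    """Follow one navigation that began with a form submit on the IdP login page.
    Returns (outcome, list of URLs requested)."""
    jar = {}                                 # cookie name -> SameSite value
    initiator = IDP + "/login"               # redirects never change the initiator
    url, trail = APP + "/signin-oidc", []
    for _ in range(max_hops):
        trail.append(url)
        if url == APP + "/signin-oidc":      # callback: issue session cookie, redirect on
            jar["session"] = samesite
            url = APP + "/orders"
        elif url == APP + "/orders":         # endpoint that requires the session cookie
            if "session" in jar and cookie_attached(jar["session"], initiator, url):
                return "200 OK", trail
            url = IDP + "/authorize"         # no cookie seen: challenge again
        else:                                # IdP session still valid: straight back
            url = APP + "/signin-oidc"
    return "redirect loop", trail

if __name__ == "__main__":
    for policy in ("Strict", "Lax"):
        outcome, trail = run_flow(policy)
        print(policy, "->", outcome, "after", len(trail), "requests")
```

The same model shows why a `Lax` cookie is still withheld on a cross-site POST, which matters when the callback is reached by form post instead of a GET redirect.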