We are using a web application developed in ASP.NET MVC (SiteA), which accepts post request from other site call SiteB. But while posting request from SiteB to SiteA, we are getting following error of SameSite Cookie for Aspnet_sessionId. Here both SiteA and SiteB are hosted on different domain.
"A cookie associated with a cross-site resource at http://siteA.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure."
I can resolve this issue by setting SameSite=None and Secure for SiteA Cookies. But instead of setting these value, Can I do using content security policy from SiteA ?
