Here are the response headers (running under http whilst debugging):
HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
Date: Mon, 14 Feb 2022 08:25:52 GMT
Chrome provides this detail in its ‘Issues’ tab (bottom of the Console page):
Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute
1. Because a cookie’s `SameSite` attribute was not set or is invalid, it defaults to `SameSite=Lax` , which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
* Specify `SameSite=None` and `Secure` if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the `Secure` attribute.
* Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be set by cross-site requests.
2. AFFECTED RESOURCES
1. 2 cookies
2. 1 request
3. * Learn more: SameSite cookies explained