Refactoring to set SameSite each time a cookie is appended to request, instead of setting a policy. According to microsoft, the CookiePolicyOptions.MinimumSameSitePolicy can be overwritten by middleware and isn't a guarantee that this will be set. Using OnAppendCookie sets the SameSite attribute everytime a cookie is sent and gives more granular control over cookies. See: https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
Refactoring to set SameSite each time a cookie is appended to request, instead of setting a policy. According to microsoft, the CookiePolicyOptions.MinimumSameSitePolicy can be overwritten by middleware and isn't a guarantee that this will be set. Using OnAppendCookie sets the SameSite attribute everytime a cookie is sent and gives more granular control over cookies. See: https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
This seems to be a better way of doing it.