UseCookiePolicy breaks all manager POSTs

[lukasan]

Hello,
I needed to add GDPR accept cookie, standard official implementation.

Using:

• NET 6.0
• Piranha 10.0.2 (every package)
• Firefox 98.0.1
• Edge 99.0.1150.46
• Brave 1.36.119 Chromium: 99.0.4844.83

When I go to the website, I can click accept GDPR cookie, it shows up in browser's cookie list with accepted status. Working as intended.

When I go to the manager, I can log in, read, open everything. But every POST inside the manager returns 400 bad request. Removing the GDPR cookie config from Startup fixes the issue.

options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
Edge: works
Brave: bad request
Firefox: bad request

all other options, including options.HttpOnly = HttpOnlyPolicy.None and options.Secure = CookieSecurePolicy.Always or any mix or other modes of the three don't work at all.

Log from Edge:

       POST https://localhost:5001/manager/api/page/save 400
saveInternal @ piranha.pageedit.min.js:1
save @ piranha.pageedit.min.js:1
click @ VM1019:3
invokeWithErrorHandling @ piranha-deps-dev.js:19892
invoker @ piranha-deps-dev.js:20217
original._wrapper @ piranha-deps-dev.js:25570
piranha.min.js:1 
        
       Uncaught TypeError: Cannot set properties of undefined (setting 'visible')
    at piranha.min.js:1:7211
(anonymous) @ piranha.min.js:1
setTimeout (async)
push @ piranha.min.js:1
(anonymous) @ piranha.pageedit.min.js:1
Promise.then (async)
saveInternal @ piranha.pageedit.min.js:1
save @ piranha.pageedit.min.js:1
click @ VM1019:3
invokeWithErrorHandling @ piranha-deps-dev.js:19892
invoker @ piranha-deps-dev.js:20217
original._wrapper @ piranha-deps-dev.js:25570

Noticed the issue #1829, but I'm using the latest Piranha.

Steps to reproduce:

1. dotnet new piranha.razor
2. add to ConfigureServices

            services.Configure<CookiePolicyOptions>(options =>
            {
                // Sets the display of the Cookie Consent banner (/Pages/Shared/_CookieConsentPartial.cshtml).
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
            });

add UseCookiePolicy() to Configure

            // Configure Tiny MCE
            EditorConfig.FromFile("editorconfig.json");

            app.UseCookiePolicy();

            // Middleware setup
            app.UsePiranha(options => {
                options.UseManager();
                options.UseTinyMCE();
                options.UseIdentity();
            });

3. Go to manager, try saving/publishing a page

it doesn't matter if the GDPR cookie is accepted, since the manager should be marked essential Piranha 10.0.1 and newer?
I feel like I'm missing something obvious... Do I need to add it via options.Services.AddCookiePolicy and options.Builder.UseCookiePolicy().Build() or something now?

Interestingly, an older .NET Core 3.1 and Piranha 8.3.1 project with UseCookiePolicy() works without issue.

[tidyui]

Duplicate of #1829