Not able to log into Angular Development Environment after CU2

Greetings,

After the update to CU2 on 9.0 LTS, I'm not able to log in to my Angular Development Environment anymore.

While fetching the projectconfig  

Request URL: localhost:8182/.../projectconfig
Request Method: GET
Status Code: 500 Internal Server Error
Remote Address: [::1]:8182
Referrer Policy: strict-origin-when-cross-origin

The following response is provided

[{"Message":"Your session has expired. Please reload this page and login again.","Number":57002006}]

and displayed as an error message.

  • As additional information, there seems to be a problem with the cookies.

    When the System is trying to set Cookies there is a message:

    "This Set-Cookie has been blocked because it has the secure attribute but was not received over a secure connection"

  • We also have this message with version 9.1.1 after trying to reproduce the steps from Herwig Abele's YouTube series.

    What we have configured so far
    - Config parameter QBM\ApiServer\Defaults\SameSiteCookie -> from "lax" to "none"

    - imxweb\projects\qer-app-pwdportal\src\environments\environment.ts
     -> Change URL from localhost to API server URL

    The response is the same as mentioned above

    [
    {
    "Message": "Your session has expired. Please reload this page and login again.",
    "Number": 57002006
    }
    ]

    We have also experimented with the setting "ServerLevelConfig/XsrfProtectionDisabled" in the admin portal - but so far we have not been able to observe any effect.

  • The secure cookie error message is because you probably have in the web.config the line:

    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    Having requireSSL set to true will fail if you access the site without using https.

  • It's a local Angular Development Environment. The API Server is started from the tool folder via imx-client.exe. Which web.config is used in this case, and is it used at all?

  • I found a workaround for this. When I enter the API Server on the IIS, instead of the locally (via imx-client) started one, in the relevant environment file, it works again, since the connection to the API Server is now https. Of course the CSRF Cookies need to be deactivated to make this work.

    I would still be interested if there is a way to make this work with a locally started API Server
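
The two browser rules behind the messages in this thread, as an added example (not part of any post and not code from the product): a cookie carrying Secure is dropped when the response arrives over plain http, and SameSite=None is only accepted together with Secure. The function names, the host apiserver.example and the sample cookie headers are constructed for illustration; the check assumes plain http counts as insecure for every host, matching the message reported above.

```javascript
// Added example: evaluates Set-Cookie headers against two browser rules.
// Cookie names and values are constructed, not captured from the API server.

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [pair = '', ...attrs] = parts;
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq).trim(),
    value: eq === -1 ? pair : pair.slice(eq + 1).trim(),
    attributes: {},
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return the reasons a browser would refuse to store the cookie ([] = accepted).
// Assumption: plain http is treated as insecure for every host, localhost included.
function cookieRejections(requestUrl, header) {
  const { attributes } = parseSetCookie(header);
  const secureTransport = new URL(requestUrl).protocol === 'https:';
  const sameSite = String(attributes.samesite || '').toLowerCase();
  const reasons = [];
  if (attributes.secure && !secureTransport) {
    reasons.push('secure-over-insecure-connection');
  }
  if (sameSite === 'none' && !attributes.secure) {
    reasons.push('samesite-none-without-secure');
  }
  return reasons;
}

// Constructed samples: local http server vs. an https-hosted API server.
const SAMPLES = [
  ['http://localhost:8182/', 'session=abc; Path=/; HttpOnly; Secure; SameSite=None'],
  ['http://localhost:8182/', 'session=abc; Path=/; HttpOnly; SameSite=None'],
  ['http://localhost:8182/', 'session=abc; Path=/; HttpOnly; SameSite=Lax'],
  ['https://apiserver.example/', 'session=abc; Path=/; HttpOnly; Secure; SameSite=None'],
];
for (const [url, header] of SAMPLES) {
  console.log(url, '->', cookieRejections(url, header));
}
```

Over plain http only the third sample is stored, which is why setting SameSiteCookie to "none" does not help a server reached over http, while the https endpoint accepts the same cookie.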