Amended the other cookieSecurePolicy config options

modules/end-user/src/gpconnect-appointment-checker/Core/Configuration/Infrastructure/Authentication/AuthenticationExtensions.cs

@@ -36,7 +36,7 @@ public void ConfigureAuthenticationServices(IServiceCollection services)
                 options.Events.OnValidatePrincipal = PrincipalValidator.ValidateAsync;
                 options.Cookie.Name = ".GpConnectAppointmentChecker.AuthenticationCookie";
                 options.Cookie.SameSite = SameSiteMode.None;
-                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
             })
             .AddOpenIdConnect(
                 _singleSignOnConfig.ChallengeScheme,

modules/end-user/src/gpconnect-appointment-checker/Core/Configuration/Infrastructure/ServiceCollectionExtensions.cs

@@ -33,7 +33,7 @@ public static IServiceCollection ConfigureApplicationServices(this IServiceColle
         {
             options.ConsentCookie.Name = ".GpConnectAppointmentChecker.ConsentCookie";
             options.CheckConsentNeeded = context => true;
-            options.ConsentCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.ConsentCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
             options.MinimumSameSitePolicy = SameSiteMode.Strict;
         });
 
@@ -113,7 +113,7 @@ public static IServiceCollection ConfigureApplicationServices(this IServiceColle
         { 
             options.SuppressXFrameOptionsHeader = true;
             options.Cookie.HttpOnly = true;
-            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
             options.Cookie.SameSite = SameSiteMode.Strict;
         });