CMS + CMP Publishing integration returns a 403 unauthorized response when previewing

Hi!

We are currently setting up a CMS and CMP intrgration for my client's need for publishing between the varioys systems. For this we are setting up the CMP platform for our local development (https://localhost:58603/) environment.

We are following the provided documentation for this here: CMS + CMP publishing integration

But we seem to face somekind of 403 unauthorized response between the integration when trying to preview the content in the CMP edit mode. It seems to related to the iframe embedment between the two environments, but we have tried various settings for allowing the localhost environment communicate properly with the https://cmp.optimizely.com/ 

The documentation states these kind of issues like setting the X-Frame-Options and other third party cookies settings in the browser but the 403 response is consistent in the main preview frame in the CMP but not when trying to edit some content, such as the all properties mode.

Here are some settings we have tried on our side:

  public void ConfigureServices(IServiceCollection services)
  {
      IMvcBuilder builder = services.AddRazorPages();
      if (_webHostingEnvironment.IsDevelopment())
      {
          // Cmp service credentials for development
          services.Configure<CmsServiceOptions>(o => {
              o.AddDevelopmentSigningCredentials();
          });
      } 
      else
      {
          services.AddCmsCloudPlatformSupport(_configuration);
      }
  // Allow the quick editor to be embedded into CMP via an iframe
  services.AddAntiforgery(options =>
  {
      options.Cookie.SameSite = SameSiteMode.None;
      options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
      options.SuppressXFrameOptionsHeader = false;
  });
  services.Configure<CookiePolicyOptions>(options =>
  {
      options.MinimumSameSitePolicy = SameSiteMode.None;
  });
 services.AddCors(options =>
 {
     options.AddPolicy("AllowAll", builder =>
     {
         builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader();
     });
 });
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IContentEvents contentEvents)
 {
  app.UseStaticFiles();
  app.UseRouting();
  app.UseCors("AllowAll");
  app.UseAuthentication();
  app.UseCmsCmpPublishingPreviewLinks();
  app.UseAuthorization();
  app.Use(async (context, next) => { context.Response.Headers["X-Frame-Options"] = "ALLOW-FROM https://cmp.optimizely.com"; await next(); });
}

The preview of the content does not return a valid response in the preview of the content:

The Edit Page seems to work fine in the Preview mode in the CMP: