Has this policy option been deprecated (for allowing SameSite cookies to be none, insecure, etc.). As of last week our users were able to perform punchout over HTTP with cookes set to none/lax and as of this week it no longer functions. (this is a temporary stopgap for us while we are upgrading things).