I'm trying to write automated tests using Cypress for an application which is authenticated through Azure Active Directory.
I'm following a guide found on the Cypress website, and it is successfully loading the login page, entering the password and seems to be successful until the last step - when the POST token API call fails with an error 400, including this error message from AAD:
Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests
Some research has indicated that this is due to the "origin" header not being passed, and the header is actually not being sent with the request.
If I modify the chromeWebSecurity field in the config, it works for a while, but then randomly and inconsistently starts failing again:
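
    const { defineConfig } = require("cypress");

    // setupNodeEvents is defined elsewhere in the config file (not shown here).
    module.exports = defineConfig({
      e2e: {
        setupNodeEvents,
        specPattern: "cypress/e2e/features/*.feature",
        baseUrl: "https://xxxxxxxxx", // My website url
        chromeWebSecurity: true,
        experimentalModifyObstructiveThirdPartyCode: true,
      }
      //...
    });
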
The login code is copied almost directly from the example in the guide, but I've reproduced it here:

    function loginViaAAD(username, password) {
      cy.visit('https://xxxxxxxxx') // My website
      // Login to your AAD tenant.
      cy.origin(
        'login.microsoftonline.com',
        {
          args: {
            username,
            password
          },
        },
        ({ username, password }) => {
          cy.get('input[type="email"]').type(username, {
            log: false,
          })
          cy.get('input[type="submit"]').click()
          cy.get('input[type="password"]').type(password, {
            log: false,
          })
          cy.get('input[type="submit"]').click()
          cy.contains("Yes").click();
        }
      )
      cy.url().should("contain", "https://xxxxxxx"); // My website
    }

How can I fix this? Why isn't Cypress sending the origin header with the request?
from Issues Authenticating with AAD using Cypress