Setting cookie to samesite=none not working

Your software
My Mautic version is: 2.16.1
My PHP version is:7.3

Your problem
My problem is: though I upgraded to mautic 2.16 with php 7.3 and apache2.4.29 the samesite cookie problem is not resolved , it is claimed to be fixed in this version
If I remove the samesite attribute from apache conf samesite=none attribute doesnot work, however if I enable the headers module and define the following
#Header set Set-Cookie: “language=eng; path=/; HttpOnly; Secure; SameSite=None”
no warnings are shown in chrome browser for cross site cookies. that brings another peculiar issue which is "cors " and my xmlhttprequests are getting blocked - following is error log from chrome browser’s console

These errors are showing in the log:
Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

In Nginx I dont see this CORS issue but samesite=none cannot be set, My question is If it fixed in new version of mautic - it is claimed to be fixed in this version
How can I test this fix that mautic has done, I did not find any clear instructions to test this, please let me know if anyone facing the same issue like me. Any help is Appreciated, Thank you !

This is my Apache configurations for site

<VirtualHost *:80>

    DocumentRoot /var/www/html/mautic
    #RewriteEngine On
    #RewriteCond %{HTTPS} off
    #RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

<Directory /var/www/html/mautic/>

    Options +FollowSymlinks
    AllowOverride All
    Require all granted
    Header set Set-Cookie: "language=eng; path=/; HttpOnly; Secure; SameSite=None"
    Header set Access-Control-Allow-Credentials true
    #Header set Access-Control-Allow-Origin ""
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header set Access-Control-Max-Age "36000"
    Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, accept, client-security-token"
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' * * * *"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile      /etc/letsencrypt/live/
    SSLCertificateKeyFile   /etc/letsencrypt/live/
    SSLCertificateChainFile /etc/letsencrypt/live/