GoogleChromeLabs/samesite-examples

SameSite = None;Secure for Google App Engine web apps; (SACSID) cookie blocked in iframe.

Opened this issue · 0 comments

I have a Google App Engine application (A) which accesses some content from another Google App Engine app (B) in an iframe. This feature was working for some time now. Suddenly it stopped working after the browser update. In the Dev Tools, I am getting a "cookie blocked due to samesite attribute missing" message. But when I access the apps individually, it works fine. Also, I verified in Dev Tools that the cookie in both these apps has the SameSite attribute set to None and Secure. I had surfed and read about this attribute, and I believe setting this attribute enhances security by blocking third-party cookie access, and Chrome has made it mandatory (enforcing this). Hence, disabling this in chrome://flags is not an option I am considering, but I checked by doing this and it works. So why does Chrome block the iframe content even though the cookie has the SameSite attribute set to None and Secure? Since the server environments are App Engine (GCP), this case was supposed to be a single sign-on use case, as App Engine uses Gmail logins to authenticate. So all the cookies must have the SameSite attribute set to None and Secure. But I am not understanding the logic behind blocking the third-party cookie in the iframe of app A.

Google Chrome version: 83.0.4103.97 (Official Build) (64-bit)
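As an added example (not part of this issue or of the samesite-examples repo), a small Python audit that classifies Set-Cookie headers by whether Chrome 80+ will attach the cookie inside a third-party iframe; it models the SameSite=None; Secure requirement discussed above and does not diagnose the reporter's specific case. The sample headers and the placeholder SACSID value are constructed.

```python
"""Added example (not from the issue or the samesite-examples repo): classify
Set-Cookie headers by whether Chrome 80+ attaches the cookie in a cross-site
context such as a third-party iframe. Only SameSite and Secure are modelled."""
from typing import NamedTuple

class CookieVerdict(NamedTuple):
    name: str
    samesite: str        # "None", "Lax", "Strict" or "(missing)"
    secure: bool
    cross_site_ok: bool  # True if Chrome 80+ sends it from an embedded iframe
    reason: str

def parse_set_cookie(header: str) -> CookieVerdict:
    """Parse one Set-Cookie header value and decide cross-site eligibility."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    samesite, secure = "(missing)", False
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip().lower()
        if key == "secure":
            secure = True
        elif key == "samesite":
            # Chrome treats an unknown or empty value like a missing attribute.
            samesite = value.capitalize() if value in ("none", "lax", "strict") else "(missing)"
    if samesite == "None" and secure:
        return CookieVerdict(name, samesite, secure, True, "SameSite=None; Secure: sent cross-site")
    if samesite == "None":
        return CookieVerdict(name, samesite, secure, False,
                             "SameSite=None without Secure is rejected by Chrome 80+")
    if samesite == "(missing)":
        return CookieVerdict(name, samesite, secure, False,
                             "no SameSite attribute: Chrome 80+ defaults to Lax, blocked in iframes")
    return CookieVerdict(name, samesite, secure, False, f"SameSite={samesite}: blocked cross-site")

def audit(headers):
    """Return verdicts for every Set-Cookie value in a response."""
    return [parse_set_cookie(h) for h in headers]

# Constructed sample headers; the SACSID value is a placeholder, not a real token.
SAMPLE_HEADERS = [
    "SACSID=PLACEHOLDER_TOKEN; Path=/; Secure; HttpOnly; SameSite=None",
    "session=abc123; Path=/; Secure; HttpOnly",
    "prefs=dark; Path=/; SameSite=None",
    "csrf=xyz; Path=/; Secure; SameSite=Strict",
]

for verdict in audit(SAMPLE_HEADERS):
    print(f"{verdict.name:8} cross_site_ok={verdict.cross_site_ok!s:5} {verdict.reason}")
```

Run it against the actual Set-Cookie headers from apps A and B (copied from the Network tab) to confirm each cookie really carries both attributes as sent by the server, not just as displayed.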