according to newest security changes in Chrome, for cross-site cookies to be properly set in cross-domain scenario (iframe), they should have SameSite=None and Secure attributes.
According to this issue https://github.com/eclipse/jetty.project/issues/4247 this can be configured in web.xml for Jetty to handle it, but since version 9.4.23.
In WebMethods 10.1 I can see Jetty of version 9.2.*. Is Jetty updated in newer versions of WebMethods? Is there a version where version later than 9.4.23 is used so that we can use this feature to setup cookie attributes?