Setting same site policy in Confluence cookie

We are displaying Confluence pages inside an iframe, and since Chome update default same site policy to “lax” we are unable to login the users.
Is there any way to set the same site cookie header in an addon? We tried using servlet-filter, but the cookie header was not present in the HTTP response.
We also looked into creating a new cookie, but were unable to figure out how to extract the user token.