It’s a custom runtime setting.
com.mendix.core.SameSiteCookies
details: https://docs.mendix.com/refguide/custom-settings/#commendixcoreSameSiteCookies
if you are on docker buildpack, create an environment variable with name MXRUNTIME_com_mendix_core_SameSiteCookies
details at: https://github.com/mendix/cf-mendix-buildpack?tab=readme-ov-file#custom-runtime-settings
and if you are on mendix operator, set it in your mendix app CR:
Inside of the
customConfiguration
Details at: https://docs.mendix.com/developerportal/deploy/private-cloud-operator/
Just for your awareness, you may consider this alternative, i think it can work with kubernetes.
Since Mx10.3, you can configure the mendix URL with a subpath. So if you own the hosting application "https://hosting-app.com/", and if you can configure a reverse proxy rule, your mendix app URL can look like "https://hosting-app.com/my-mx-app".
This also solve the iframe challenge and keep the SameSite=Strict and more, because the hosting app and the mendix app can share cookies together.
See documentation :
https://docs.mendix.com/refguide/custom-settings/#applicationrooturl-section