I have a top-level site1.com that has a child iframe with src pointing to bot.com.

bot.com just contains a simple JS script that does a fetch to auth.com/login, which returns a cookie with these params:

Domain=auth.com, SameSite=None, Path=/, Secure, HttpOnly & Expires in 1 hr

Then it does another fetch to auth.com/auth, but the cookie is not sent as expected.

Looking at the cookie in the Chrome (latest ver) debugger, I see it is partitioned to the top-level site1.com. Research showed it's related to CHIPS - but my second call is from the same iframe, nested in the same parent page... why would it not send the cookie?

Ben

0 Answers