What should I do with the "sameSite" and others Chrome warnings

Hi, I use Auth0 but I am not a web security expert. I use the latest Auth0 libraries and the sameSite warning is there, even if I also use what is essentially an adaptation of your example Java application.
I attach below all the warnings which I get now.

Would it be possible to update the app, or alternately to say in simple words what to modify, with example JS or Java or web.xml or server.xml code and not necessarily detailed diagrams of security protocols to study. Unless necessary, I would not want to know the intricacies of internet cookies just because Google is about to push some change, also because as a non-web security expert, I might miss something and produce an inferior solution.

I attach all the warnings which I get now.

A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .
2reqwest.js:226 GET https://dev-.auth0.com/user/ssodata 404
getRequest @ reqwest.js:226
init @ reqwest.js:365
Reqwest @ reqwest.js:235
reqwest @ reqwest.js:429
Auth0.getSSOData @ index.js:1695
Auth0Lock.initialize @ index.js:670
onoptionsready @ index.js:576
binded @ index.js:12
done @ index.js:191
binded @ index.js:12
g @ events.js:169
EventEmitter.emit @ events.js:77
OptionsManager.state @ index.js:175
OptionsManager._onclientloaded @ index.js:260
binded @ index.js:12
(anonymous) @ index.js:148
g @ events.js:169
EventEmitter.emit @ events.js:99
global.window.Auth0.setClient @ index.js:189
(anonymous) @ .js?:1
index.jsp:1 Access to XMLHttpRequest at 'https://dev-
.auth0.com/user/ssodata’ from origin ‘https://***’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

If I got it right, it is better now to use what is called a universal login, that is, to call Auth0 site to get the Lock widget. In fact, the Java app did that originally, but I changed it to the JS Lock widget in order to customize it.

So I rolled back to the universal login. It is better to have no visual customization than actual login problems.

It turns out, the universal login can be customized https://manage.auth0.com/dashboard/eu/dev-oq8ogj3g/login_settings

Yep depending whether you use the classic or new one, the first one will give you more customisation options while the other less but will be more light-weight!