SESSION_COOKIE_SAMESITE not woking

I wanted to embed dashboard to iframe, but got cross-site issue. But I don’t want to use PUBLIC_ROLE_LIKE_GAMMA = True and let everyone who knows the link to access my dashbaord. The solution I found was to set SESSION_COOKIE_SAMESITE = None. The feature have existed after flask 1.0 #2607 changed log

But no matter what I set, the samesite attribute has never shown up.

I can assure that flask and werkzung both are right version. #1549 and use the right config file.

Expected Behavior

Set-Cookie: session=<session>; Expires=Mon, 23-Nov-2020 11:58:00 GMT; Path=/; secure; samesite=<whatever I set>

Actual Behavior

Set-Cookie: session=<session>; Expires=Mon, 23-Nov-2020 11:58:00 GMT; Path=/; secure

Example

1. Try to set samesite=strict and without secure.

config.py

SESSION_COOKIE_SAMESITE = 'Strict'
SESSION_COOKIE_HTTPONLY = False
SESSION_COOKIE_SECURE = False

result

1. Try to set samesite=lax and with secure.

config.py

SESSION_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_HTTPONLY = False
SESSION_COOKIE_SECURE = True

result

Environment

• Python version: 3.6
• Flask version: 1.1.2
• Werkzeug version: 1.0.1
• Superset version: 0.999.0dev

Checklist

Make sure to follow these steps before submitting your issue - thank you!

• I have checked the superset logs for python stacktraces and included it here as text if there are any.
• I have reproduced the issue with at least the latest released version of superset.
• I have checked the issue tracker for the same issue and I haven’t found one similar.