Can't log in to admin on Chrome & Safari - possible CloudFlare cookie issue?
I’ve got an issue when I try to log in to the admin section on Chrome and Safari. The authentication call goes through and it redirects to admin from the login, but then I get a 401 from the auth, store and users routes and I get redirected back to the login page. This doesn’t happen on Firefox.
I don’t get any useful output from Medusa when the login attempt happens, just the return of the 401. In Chrome’s response headers for set-cookie, there’s a warning and it says:
This Set-Cookie didn't specify a "SameSite" attribute and was default to "SameSite=Lax" and was blocked because it came from a cross-site response which was not the response to a top-level navigation. The Set-Cookie had to have been set with "SameSite=None" to enable cross-site usage.
My NODE_ENV=production so it should be being set to none, but that isn’t happening (both Secure and SameSite have no value). I can manually set Secure and SameSite and this then allows login, but it causes other issues from my storefront. Plus it’s not a very satisfying conclusion.
I’m running medusa at a subdomain through CloudFlare using a proxied A record, so this Stack Overflow issue seems to be close to my problem, but the only solution there is already how things are set up here, i.e. we’re using app.set("trust proxy", 1). The admin is on Netlify at a netlify.app domain.
Also I’m not sure if this should actually be a medusajs/medusa issue, rather than admin as it seems that my problem is with the cookie that’s being set there, but it’s presenting as an admin issue so I’m posting here for now.
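As an added example (not part of the original issue and not Medusa's code), this Node.js snippet applies the rule quoted in the Chrome warning to a Set-Cookie header, so a response captured from the backend can be checked outside the browser. The header strings are constructed samples and the function names are hypothetical.

```javascript
// Added example. Header strings below are constructed samples.

// Split one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const item of rest.filter(Boolean)) {
    const i = item.indexOf("=");
    const key = (i === -1 ? item : item.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : item.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), attrs };
}

// Verdict for a cookie set by a cross-site fetch/XHR response, i.e. not the
// response to a top-level navigation (admin and API on different sites).
function crossSiteVerdict(header) {
  const { attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  const secure = "secure" in attrs;
  // A missing or unrecognised SameSite value gets the Lax default.
  const mode = ["none", "lax", "strict"].includes(raw) ? raw : "lax (default)";
  if (mode !== "none") {
    return { stored: false, reason: `SameSite=${mode} blocks cross-site Set-Cookie` };
  }
  if (!secure) {
    return { stored: false, reason: "SameSite=None is rejected without Secure" };
  }
  return { stored: true, reason: "SameSite=None; Secure allows cross-site use" };
}

const samples = [
  "connect.sid=s%3Aexample; Path=/; HttpOnly",
  "connect.sid=s%3Aexample; Path=/; HttpOnly; SameSite=None",
  "connect.sid=s%3Aexample; Path=/; HttpOnly; Secure; SameSite=None",
];
for (const h of samples) {
  const v = crossSiteVerdict(h);
  console.log(`${v.stored ? "OK     " : "BLOCKED"} ${v.reason}`);
}
```

A `stored: true` verdict covers only the SameSite/Secure rule; a browser configured to block third-party cookies can still drop the cookie.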
Issue Analytics
- Created a year ago
- Reactions:3
- Comments:13 (10 by maintainers)

So, basically this repository is unusable within a cloud environment?