The Chrome dev team plans to change the default cookie behaviour by setting the SameSite attribute to Lax.
This will break OfficeJS access for Chrome 80 users, as the cookie will not be send anymore when erp5 would be accessed from the external web site.
In order to keep the current functionalities, one quick solution is too manually set the SameSite value to None.
Of course, doing it would prevent to get all the benefits of the Lax value.
But I believe we would have to finish MR138 to get it.