Openid refresh dance in some sites still broken with Firefox new "SameSite=lax" cookie policy

Session and CSRF cookies switched to explicit "SameSite=None; Secure" in response to the new "lax by default" policy in modern browsers (lp:1888734), but I'm still experiencing intermittent issues while logging in to some sites. My browser is Firefox 81.0 snap on Ubuntu Focal, with "network.cookie.sameSite.laxByDefault: true" (by default) and "app.normandy.startupRolloutPrefs.network.cookie.sameSite.laxByDefault: true". In particular:

- https://snapcraft.io/snaps
    - browser enters an infinite loop redirecting between snapcraft.io and sso/openid, with an infinite number of log messages like: "Cookie “openid_referer” has “SameSite” policy set to “Lax” because it is missing a “SameSite” attribute, and “SameSite=Lax” is the default value for this attribute."

- https://jenkins.ols.canonical.com/online-services
    - Apache returns a 403 page with: "Forbidden: You don't have permission to access /online-services/securityRealm/finishLogin on this server."

Once I manually set "network.cookie.sameSite.laxByDefault: false" at about:config, everything works again. Interestingly, I've been unable to reproduce; but it'll happen every Monday, probably due to session timeout.

I believe setting openid_referer with "SameSite=None; Secure" should fix it, but am a bit unsure as I cannot reproduce at the moment.