choffman PRO said about 3 years ago on Sign in with Apple :
I read changing this setting to :none will eliminate the error. But, that doesn't seem right. I tested it and it works in Safari and FF (no nonce mismatch error), but fails in Chrome. Hmmm.... 
config.action_dispatch.cookies_same_site_protection = :lax