Basecamp: SSL expired subdomain leads to API swap with main and flagged cookies. Unable to log device ids and certain session tokens.

SUMMARY - Replacing the login page of launchpad.37signals.com with subdomain help-basecamphq.37signals.com greats you to a login page in which is unsecure and with header sec-fetch-site: same-origin injected into your headers you can disable cookies such as . STEPS TO REPRODUCE 1. Visit...