GDPR is stupid. I can force the site to use HTTPS completely if thats what you want.
Not our fault if someone decides to connect via http. We can't sit at everyones computer and educate them on HTTP and HTTPS.
The cookies were secure, but as you are moaning, I have now disabled sub domain cookies.
Site is now not accesable by HTTP://
Bump - even after update/upgrade, visiting this site using https is STILL broken. Same old, same old.
Never mind that allowing the same authentication tokens and cookies etc to be shared across https and http where any man-in-the-middle can snap them up isn’t exactly security. What does GDPR say about protecting user data? What is the penalty for not being GDPR compliant again? Do you feel lucky?