This repository has been archived by the owner on May 10, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 441
Brave incorrectly reports HTTP connection as secure (shows lock icon) #7403
Milestone
Comments
cc @Brandon-T @iccub - i feel like i've run into this before |
Oops, I also get the red circle when visiting http://www.newlispfanclub.alh.net/forum/ Try visiting this instead: http://www.newlispfanclub.alh.net/forum/viewtopic.php?p=22253#p22253 |
11 tasks
iccub
pushed a commit
that referenced
this issue
May 9, 2023
Server Trust does not post a notification if the trust itself hasn't changed. Problem is that the trust on NTP is the same as on an HTTP site. So visiting an HTTP site takes the same trust as on NTP, which is wrong. To fix this, we post a notification ourselves to let us know that the URL changed but the trust stayed the same. This in turn causes the revalidation to happen.
iccub
pushed a commit
that referenced
this issue
May 9, 2023
Server Trust does not post a notification if the trust itself hasn't changed. Problem is that the trust on NTP is the same as on an HTTP site. So visiting an HTTP site takes the same trust as on NTP, which is wrong. To fix this, we post a notification ourselves to let us know that the URL changed but the trust stayed the same. This in turn causes the revalidation to happen.
Verified on
STEPS:
ACTUAL RESULTS:
|
Uni-verse
added
release-notes/exclude
release-notes/include
and removed
release-notes/exclude
labels
May 31, 2023
11 tasks
arthuredelstein
pushed a commit
to brave/brave-core
that referenced
this issue
Feb 13, 2024
…URL bar (brave/brave-ios#7420) Server Trust does not post a notification if the trust itself hasn't changed. Problem is that the trust on NTP is the same as on an HTTP site. So visiting an HTTP site takes the same trust as on NTP, which is wrong. To fix this, we post a notification ourselves to let us know that the URL changed but the trust stayed the same. This in turn causes the revalidation to happen.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description:
When visiting an HTTP website, for example
http://www.newlispfanclub.alh.net/forum/http://www.newlispfanclub.alh.net/forum/viewtopic.php?p=22253#p22253 , Brave shows the connection as secure even though it's not an HTTPS connection.Steps to Reproduce
http://www.newlispfanclub.alh.net/forum/http://www.newlispfanclub.alh.net/forum/viewtopic.php?p=22253#p22253Actual result:
Expected result:
For the lock icon to be replaced with some sort of not-lock icon and a clear warning shown either in the URL bar or somewhere else.
Reproduces how often:
Easily reproduced.
Brave Version:
Device details:
iOS 16.4.1 (a)
Website problems only:
Additional Information
The text was updated successfully, but these errors were encountered: