Upgrading to https not handling a serverside https downgrade #40346
Labels
OS/iOS
Fixes related to iOS browser functionality
privacy/https-upgrades
Issues related to HTTPS Upgrades feature
QA Pass - iPad
QA Pass - iPhone
QA/Test-All-Platforms
QA/Yes
release-notes/include
security
Milestone
Description
Sites such as http.badssl.com will downgrade https to http which will cause us try to upgrade multiple times before webkit spits out an error and an exception is added. This is not good because this will cause unnecessary redirects future problems (such as when using chromium web views) which may result in infinite redirect loops.
Steps to reproduce
This is currently not reproducable until after we merge @kylehickinson 's PR: brave/brave-core#24657
However we should do a sanity test on https upgrading anyways. You should make sure to test both http://http.badssl.com which does a https->http redirect and http://example.com which does not.
Actual result
N/A
Expected result
N/A
Reproduces how often
No steps to reproduce
Brave version
1.68
Device/iOS version
Any
Affected browser versions
Reproducibility
Miscellaneous information
No response
The text was updated successfully, but these errors were encountered: