Update HTTPS by Default to work with HttpsFirstModeV2 #28935

Closed
mkarolin opened this issue Mar 7, 2023 · 7 comments · Fixed by brave/brave-core#17856

@mkarolin
Contributor

mkarolin commented Mar 7, 2023

Chromium 112 has enabled the HttpsFirstModeV2 feature flag by default. This feature provides a new implementation for HTTPS by default (see the tracking issue).

For now, we turned the flag to being disabled by default in the Chromium 112 bump, but before the old implementation is removed upstream we need to update our implementation to work with HttpsFirstModeV2.

Test Plan:
Same test plan as outlined in brave/brave-core#16521 (comment) and #27141 (comment), as well as "steps to reproduce" in #28809

cc: @arthuredelstein @pes10k

@mkarolin
Contributor Author

Once this is addressed, the HttpsUpgradesBrowserTest.* upstream tests disabled in test/filters/browser_tests.filter can be re-enabled and re-evaluated.

@kjozwiak
Member

kjozwiak commented Apr 27, 2023

@brave/qa-team here are the reduced cases that I ran through while verifying on master before uplifting into 1.51.x. One other thing that we'll need to make sure is working is upgrading from the previous implementation of HTTPS By Default to HttpsFirstModeV2, and making sure everything is retained/working as expected. CCing @arthuredelstein

@kjozwiak
Member

The above requires 1.51.107 or higher for 1.51.x verification 👍

@GeetaSarvadnya

GeetaSarvadnya commented Apr 28, 2023

Verification PASSED on

Brave | 1.51.107 Chromium: 113.0.5672.63 (Official Build) (64-bit)
-- | --
Revision | 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912}
OS | Windows 10 Version 21H2 (Build 19044.2846)

Case 1 (from #28809) - PASSED

Steps:

  1. installed 1.51.107
  2. launched Brave
  3. used devtools to use a mobile UA (I used Android (4.0.2) browser)
  4. loaded https://anicobin.ldblog.jp/archives/59981055.html
  5. clicked on the "comments" button

Confirmed I could load the comments section

[Screenshots]

Case 2 (from #27141) - PASSED

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: default, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Upgrade connections, Strict; insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Upgrade connections, Disabled; insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Shields down - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. loaded http://insecure.arthuredelstein.net
  4. loaded http://http.badssl.com
  5. loaded http://upgradable.arthuredelstein.net
  6. clicked on the Brave Shields icon in the URL bar
  7. toggled each of the above loaded sites' Shields to DOWN
  8. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Global Shields pref, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Profile/Pref Migrations - PASSED

defaults - PASSED

  1. installed 1.50.121
  2. confirmed default of Always use secure connections set to Off in brave://settings/security
  3. upgraded to 1.51.107
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Standard

[Screenshots: 1.50.121, 1.51.107]

Always use secure connections set to On - ``

  1. installed 1.50.121
  2. clicked to toggle Always use secure connections set to On in brave://settings/security
  3. upgraded to 1.51.107
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Strict

[Screenshots: 1.50.121, 1.51.107]

@stephendonner

stephendonner commented Apr 28, 2023

Verification PASSED using

Brave 1.51.107 Chromium: 113.0.5672.63 (Official Build) (x86_64)
Revision 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912}
OS macOS Version 11.7.6 (Build 20G1231)

Case 1 (from #28809) - PASSED

Steps:

  1. installed 1.51.107
  2. launched Brave
  3. used devtools to use a mobile UA (I used Android (4.0.2) browser)
  4. loaded https://anicobin.ldblog.jp/archives/59981055.html
  5. clicked on the "comments" button

Confirmed I could load the comments section

[Screenshots]

Case 2 (from #27141) - PASSED

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: default, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Upgrade connections, Strict; insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Upgrade connections, Disabled; insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Shields down - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. loaded http://insecure.arthuredelstein.net
  4. loaded http://http.badssl.com
  5. loaded http://upgradable.arthuredelstein.net
  6. clicked on the Brave Shields icon in the URL bar
  7. toggled each of the above loaded sites' Shields to DOWN
  8. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Global Shields pref, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Profile/Pref Migrations - PASSED

defaults - PASSED

  1. installed 1.50.121
  2. confirmed default of Always use secure connections set to Off in brave://settings/security
  3. upgraded to 1.51.107
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Standard

[Screenshots: 1.50.121, 1.51.107]

Always use secure connections set to On - PASSED

  1. installed 1.50.121
  2. clicked to toggle Always use secure connections set to On in brave://settings/security
  3. upgraded to 1.51.107
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Strict

[Screenshots: 1.50.121, 1.51.107]

Verification passed on

Brave 1.51.107 Chromium: 113.0.5672.63 (Official Build) (64-bit)
Revision 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912}
OS Ubuntu 18.04 LTS

Case 1 (from #28809) - PASSED

Steps:

  1. installed 1.51.107
  2. launched Brave
  3. used devtools to use a mobile UA (I used Android (4.0.2) browser)
  4. loaded https://anicobin.ldblog.jp/archives/59981055.html
  5. clicked on the "comments" button

Confirmed I could load the comments section

[Screenshots]

Case 2 (from #27141) - PASSED

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: default, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Upgrade connections, Strict; insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Upgrade connections, Disabled; insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

[Screenshots, Tor: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Shields down - PASSED

  1. installed 1.51.107
  2. launched Brave
  3. loaded http://insecure.arthuredelstein.net
  4. loaded http://http.badssl.com
  5. loaded http://upgradable.arthuredelstein.net
  6. clicked on the Brave Shields icon in the URL bar
  7. toggled each of the above loaded sites' Shields to DOWN
  8. opened a New Private Window with Tor and loaded each of the above

[Screenshots: Global Shields pref, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Profile/Pref Migrations - PASSED

defaults - PASSED

  1. installed 1.50.121
  2. confirmed default of Always use secure connections set to Off in brave://settings/security
  3. upgraded to 1.51.107
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Standard

[Screenshot]

Always use secure connections set to On - PASSED

  1. installed 1.50.121
  2. clicked to toggle Always use secure connections set to On in brave://settings/security
  3. upgraded to 1.51.107
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Strict

[Screenshot]

stephendonner added QA/In-Progress QA Pass-macOS and removed QA/In-Progress labels Apr 28, 2023

@GeetaSarvadnya

GeetaSarvadnya commented May 2, 2023

Verification PASSED on Vivo X70 Pro version 12 running Bravemonoarm64.apk_1.51.109

Case 1 (from #28809) - PASSED

Using the STR/Cases outlined via #28809 (comment), ensured the following:

[Screenshots]

Case 2 (from #27141) - PASSED

Shields Panel (Upgrade to HTTPS whenever possible (default))

[Screenshots]

Shields Panel (Require all connections to use HTTPS (strict))

[Screenshots]

Shields Panel (Don't upgrade connections to HTTPS (disabled))

[Screenshots]

Prevent permissive HTTPS Upgrade settings from leaking from Normal to Private windows

Basically used the STR/Cases outlined via brave/brave-core#17421 (comment) and went through the following:

Test Case #1 - Upgrade to HTTPS whenever possible (default)

  • visited http://upgradable.arthuredelstein.net in a Normal window and ensured that Upgrade to HTTPS whenever possible (default)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
  • opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Upgrade to HTTPS whenever possible (default)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net

Test Case #2 - Require all connections to use HTTPS (strict)

  • visited http://upgradable.arthuredelstein.net and switched HTTPS upgrades to Require all connections to use HTTPS (strict)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
  • opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Require all connections to use HTTPS (strict)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net

Test Case #3 - Don't upgrade connections to HTTPS (disabled)

Ensure that Don't upgrade connections to HTTPS (disabled) is NOT being used

Test Case #4 - Don't upgrade HTTPS connections (Private Window Only)

  • opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Upgrade to HTTPS whenever possible (default)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
  • change the HTTPS upgrade setting to Don't upgrade connections to HTTPS (disabled) and load http://upgradable.arthuredelstein.net

Ensure that http://upgradable.arthuredelstein.net is not upgraded. With this case, we're basically ensuring that you can still use Don't upgrade HTTPS connections if changed within the Private window.

GeetaSarvadnya added QA/In-Progress and removed QA/In-Progress labels May 2, 2023

kjozwiak added the Android 8 - Test/Verification Checking on an older Android device to make sure everything is working as expected label May 2, 2023

@kjozwiak
Member

kjozwiak commented May 3, 2023

Verification PASSED on Samsung Galaxy Tab S8 Ultra running Android 13 using the following build(s):

Brave | 1.51.109 Chromium: 113.0.5672.63 (Official Build) (32-bit)
--- | ---
Revision | 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912}
OS | Android 13; Build/TP1A.220624.014; 33; REL

Case #1 (from #27141) - PASSED

Shields Panel (Upgrade to HTTPS whenever possible (default))

[Screenshots]

Shields Panel (Require all connections to use HTTPS (strict))

[Screenshots]

Shields Panel (Don't upgrade connections to HTTPS (disabled))

[Screenshots]

Prevent permissive HTTPS Upgrade settings from leaking from Normal to Private windows

Basically used the STR/Cases outlined via brave/brave-core#17421 (comment) and went through the following:

Test Case #1 - Upgrade to HTTPS whenever possible (default)

  • visited http://upgradable.arthuredelstein.net in a Normal window and ensured that Upgrade to HTTPS whenever possible (default)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
  • opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Upgrade to HTTPS whenever possible (default)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net

Test Case #2 - Require all connections to use HTTPS (strict)

  • visited http://upgradable.arthuredelstein.net and switched HTTPS upgrades to Require all connections to use HTTPS (strict)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
  • opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Require all connections to use HTTPS (strict)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net

Test Case #3 - Don't upgrade connections to HTTPS (disabled)

Ensure that Don't upgrade connections to HTTPS (disabled) is NOT being used

Test Case #4 - Don't upgrade HTTPS connections (Private Window Only)

  • opened a Private window and visited http://upgradable.arthuredelstein.net and ensured Upgrade to HTTPS whenever possible (default)
    • ensured that http://upgradable.arthuredelstein.net -> https://upgradable.arthuredelstein.net
  • change the HTTPS upgrade setting to Don't upgrade connections to HTTPS (disabled) and load http://upgradable.arthuredelstein.net

Ensure that http://upgradable.arthuredelstein.net is not upgraded. With this case, we're basically ensuring that you can still use Don't upgrade HTTPS connections if changed within the Private window.

There are no upgrade cases that need to be done on Android as mentioned via #28935 (comment) as HTTPS by Default is being pushed out for the first time via 1.51.x.
