Always redirecs http to https connection even when "Always use secure connections" is turned off

testuser3130 · October 15, 2024, 5:18pm

Description of the issue:
Always redirects http requests to https. As part of the local application development I use http://localhost:4200, but brave always upgrades connection to https and redirects to https://localhost:4200 then shows “This site can’t provide a secure connection”.

To fix this, I need to go to brave://net-internals/#hsts and remove localhost from “Delete domain security policies” . But the issue comes back after browser restart.

How can this issue be reproduced?

Go to brave://settings/security?search=https and un toggle “Always use secure connections”
Start any webapp on port http://localhost:4200 and it redirects to https://localhost:4200

Expected result:
URL: http://localhost:4200 should without any issues

Brave Version( check About Brave):
v 1.70.126

Additional Information:
I still can’t believe this issue exists after many years.

fmarier · October 16, 2024, 9:02pm

What do you have for Upgrade connections to HTTPS in brave://settings/shields?

shivan · October 17, 2024, 12:28am

HTTPS upgrades should not cause upgrades for localhost. You can verify this by disabling brave://flags/#https-by-default and seeing if the behaviour persists. I cannot reproduce the problem. Are you sure you don’t have an extension that could be trying to do this upgrade?

shivan · October 17, 2024, 12:30am

Always use secure connections is not a setting in Brave, but is in Chrome. Are you sure you’re testing Brave? Can you also double-check whether brave://flags/#https-by-default is Enabled? It should be.

testuser3130 · October 17, 2024, 2:21pm

testuser3130 · October 17, 2024, 2:21pm

It’s disabled

shivan · October 17, 2024, 4:22pm

If you enable the setting, does the problem persist? Also can you disable all extensions and see if the problem persists?

testuser3130 · October 17, 2024, 6:09pm

Okay. After looking at another thread I was able to figure out the issue.

For some reason HSTS header was cached and manually clearing browsing history fixed the issue. If I see the issue again, I will create new thread.

duckman · November 9, 2024, 5:31am

The settings dont’ do a thing- they are uselsess. The only thing that works is manually deleting the domain using this page chrome://net-internals/#hsts

Topic		Replies	Views
Stop brave from redirecting http://localhost to https://localhost Desktop Support windows	9	9245	July 26, 2022
Localhost connection automatically upgrades to HTTPS Desktop Support windows	3	1833	August 18, 2022
Disabling Upgrade to HTTPS doesn't work and Brave still forces all sites to https Desktop Support windows	2	1147	October 10, 2021
Disabling "Upgrade connections to HTTPS" is not working Desktop Support linux	3	1458	June 22, 2020
Disable HTTP support completely. Only ever use HTTPS Desktop Support windows	7	1280	November 23, 2023
Disable forcing HTTPS Browser Support windows	22	4903	January 12, 2024
Upgrade connections to HTTPS not working? Browser Support macos	7	1778	November 24, 2019
Brave blocking localhost because of http Desktop Support browser , macos	5	46	November 20, 2024

Always redirecs http to https connection even when "Always use secure connections" is turned off

Related topics