Always redirecs http to https connection even when "Always use secure connections" is turned off


Description of the issue:
Always redirects http requests to https. As part of the local application development I use http://localhost:4200, but brave always upgrades connection to https and redirects to https://localhost:4200 then shows “This site can’t provide a secure connection”.

To fix this, I need to go to brave://net-internals/#hsts and remove localhost from “Delete domain security policies” . But the issue comes back after browser restart.

How can this issue be reproduced?

  1. Go to brave://settings/security?search=https and un toggle “Always use secure connections
  2. Start any webapp on port http://localhost:4200 and it redirects to https://localhost:4200

Expected result:
URL: http://localhost:4200 should without any issues

Brave Version( check About Brave):
v 1.70.126

Additional Information:
I still can’t believe this issue exists after many years.

What do you have for Upgrade connections to HTTPS in brave://settings/shields?

1 Like

HTTPS upgrades should not cause upgrades for localhost. You can verify this by disabling brave://flags/#https-by-default and seeing if the behaviour persists. I cannot reproduce the problem. Are you sure you don’t have an extension that could be trying to do this upgrade?

Always use secure connections is not a setting in Brave, but is in Chrome. Are you sure you’re testing Brave? Can you also double-check whether brave://flags/#https-by-default is Enabled? It should be.

It’s disabled

If you enable the setting, does the problem persist? Also can you disable all extensions and see if the problem persists?

Okay. After looking at another thread I was able to figure out the issue.

For some reason HSTS header was cached and manually clearing browsing history fixed the issue. If I see the issue again, I will create new thread.

The settings dont’ do a thing- they are uselsess. The only thing that works is manually deleting the domain using this page chrome://net-internals/#hsts

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.