Browser erroneously shows 403 to localhost development web server

Description of the issue:
I’m a developer hacking on a web app. My dev server (ruby on rails) runs an http app on localhost:7000. It works 99.9% of the time until it doesn’t. Then, boom I start getting 403s in the browser.

The application is not broken.
curl localhost:7000 works fine.
Clearing site data and trying again does not fix the problem. As a matter of fact, when the browser is in this state, clearing site data doesn’t actually work. By that I mean that the cookies which show up in the cookies tab do not disappear. And subsequent requests (which still 403) still show the cookies in the request.
There is no server log activity (which otherwise works fine).

On the flip side, a private window works fine.
It’s just the normal brave profile (the default profile) stops working.

Killing Brave and restarting it fixes this problem.

How can this issue be reproduced?

It seems to be triggered by making a request to localhost:7000 when the dev server is not running. Getting a 403 in this situation is obviously expected. But it persists after I restart the server.

It’s like maybe the browser profile has cached the 403.

It seems to timeout after a few minutes and start working again.

Expected result:
This shouldn’t happen

Brave Version( check About Brave):

Version 1.73.97 Chromium: 131.0.6778.108 (Official Build) (arm64)

The clues are in your description:

“On the flip side, a private window works fine.”

“Killing Brave and restarting it fixes this problem.”

“It’s like maybe the browser profile has cached the 403.”

So, what do those have in common?

What happens to cookies and cache, when you close/quit Private Windows?

What happens to cookies and cache, when you restart?

What are the settings for your cookies and cache?

So, Brave caches 403s with default cache settings? This is expected?


Also, clearing cookies and cache seems to solve your concern - but I am uncertain of your Settings:

In a Brave Browser New Window, go to:

brave://settings/clearBrowserData

Examine all three tabs, Basic, Advanced, On exit - and adjust/test the settings. In other words, do a lot of “What if?” testing, and thereby learn what may/will be affected.


Also, find the setting(s) that upgrade an HTTP connection to an HTTPS connection, and disable that - while developing.


And check out:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.