Can't turn shields off on localhost



Description of the issue
I am running a web app locally on my machine while developing it. This app uses third party features which do not work with Brave unless you turn off the shields. I am fine with turning off shields for this purpose, but when I hit the switch to turn them off while on my localhost, the switch does not move and the page refreshes, and shields stay up no matter what I do. All this works fine when the app is hosted on a real domain.

Exact URL of the website in question

Did the issue present with default Shields settings?

Does the site function as expected when Shields are turned off?

Is there a specific Shields configuration that causes the site to break? If so, tell us that configuration.

Does the site function as expected when using Chrome?

What Brave version/Build are you using when you encounter the issue?
Version 0.60.5 Chromium: 72.0.3626.28 (Official Build) dev (64-bit)

Can not turn Shields DOWN with https://localhoast

If you try and modify the configurations in the panel (like setting cookie control to All Cookies allowed for example), do they stick or are they also rest after the page refreshes?


I tried allowing everything, no change.

I think the problem might have something to do with upgrading to https. Since this is locally hosted I obviously don’t have an ssl cert, so it needs to be sent over http. The site actually gets served just fine, and everything works except the third-party stuff. But if I try to turn off “connections encrypted”, that switch does the same thing as the main shields switch: just stays in the “on” position, no matter what.

If I turn off https everywhere in my global settings, it still doesn’t let me turn the shields off on localhost though.


Mentioning certificates reminded me of another user who had encountered this:

I never did get to the bottom of that. What does it say when you click the padlock icon on the left-hand side of the address bar?


Since it’s localhost, I’m not using https and my dev server doesn’t serve the app in https. I just get a standard “insecure connection” message.


Looking at the other topic you linked, I would guess that this is probably the same issue, since localhost is just an alias for


Just a “me-too” and subscribe to this topic post.

In my case, the url is a bonjour / avahi localsite.local kind of thing that is (and always will be) accessed via http. Would be nice to be able to turn shields off for it.


Thank you both for reporting.
It looks like this is a known issue that needs to be addressed. Dug this up trying when looking for a workaround to the Shields behavior:


Have the same problem, but managed to find a workaround at least. Visiting 192:168:1:100 without any port (even though it gives me a 404-error) allowed me to turn shields off. It then seems to stay off when then visiting and so on.


This works for localhost as well, great workaround! :grin:

closed #11

This topic was automatically closed after 30 days. New replies are no longer allowed.