Description of the issue:
When you click on the address in the address bar, and hit enter, it navigates to HTTP instead of HTTPS - even when on an HTTPS page. This is unexpected, because it appears that every time you hit ctrl+R to refresh, it loads HTTPS, not HTTP.
Steps to Reproduce:
- Launch Brave
- Visit any website, like bing.com (they will redirect you to HTTPS)
- Hit ctrl+shft+I to open the dev tools
- Go to the Network tab, and clear it
- Click on the Address bar, and hit enter
- See that the first request in the network tab is HTTP, not HTTPS
Expected Result:
The request should go to HTTPS, since if you copy the URL, you copy HTTPS, and if you hit ctrl+R, it refreshes HTTPS.
Reproduces how often:
Always
Version Info:
Brave Version: 1.2.43
Chromium: 79.0.3945.130 (Official Build) (64-bit)
Reproducible on current live release:
Yes
Additional information:
Using Windows 10 on a Samsung laptop.
I consider the severity of this issue to be minor, since the issue can be redirected by Web Masters/Developers.
It did cause me some confusion, but now I understand these things better, so it was a good learning experience.
However, if the Web Master/Developer doesn’t handle this situation, and the planets align just right, it could potentially unmask login credentials somewhere out there in the world.