Description of the issue:
When you click on the address in the address bar, and hit enter, it navigates to HTTP instead of HTTPS - even when on an HTTPS page. This is unexpected, because it appears that every time you hit ctrl+R to refresh, it loads HTTPS, not HTTP.
Steps to Reproduce:
- Launch Brave
- Visit any website, like bing.com (they will redirect you to HTTPS)
- Hit ctrl+shft+I to open the dev tools
- Go to the Network tab, and clear it
- Click on the Address bar, and hit enter
- See that the first request in the network tab is HTTP, not HTTPS
The request should go to HTTPS, since if you copy the URL, you copy HTTPS, and if you hit ctrl+R, it refreshes HTTPS.
Reproduces how often:
Brave Version: 1.2.43
Chromium: 79.0.3945.130 (Official Build) (64-bit)
Reproducible on current live release:
Using Windows 10 on a Samsung laptop.
I consider the severity of this issue to be minor, since the issue can be redirected by Web Masters/Developers.
It did cause me some confusion, but now I understand these things better, so it was a good learning experience.
However, if the Web Master/Developer doesn’t handle this situation, and the planets align just right, it could potentially unmask login credentials somewhere out there in the world.