How do I disable forced https when browsing non-secure websites?

Description of the issue:
Unable to browse non-https websites. Brave forces all sites to HTTPS, despite being set to off in Shields and Privacy and Security settings.

How can this issue be reproduced?

  1. Make sure my brave://settings/shields Upgrade connections to HTTPS is set to false.
  2. Make sure my brave://settings/security always use secure connections is set to false.
  3. Post any http address in the search bar.
  4. Click enter.
  5. The address will change to https address.

Expected result:
http website opens normally

Brave Version: 1.41.100 Chromium: 103.0.5060.134 (Official Build) (64-bit)

Additional Information:
I can navigate to sites using other web browsers (that don’t force HTTPS).

Specific site I am trying to reach is:

Receive the following error:

Server Error in ‘/CMCPortal’ Application.

Runtime Error

Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.


I don’t think it’s strictly an HTTP vs. HTTPS issue, because works (and is where you get redirected by the first link).

But there is definitely some funny business going on after that first redirect. When Brave tries to hit the above URL it gets a 302 response code, whereas Firefox gets a 200 and then continues on its way.

Wonder if they might be doing some User-Agent filtering, or maybe their JavaScript is broken in some way. Can look some more later if nobody beats me to it.

I’ve gotten similar/same results from other sites, though I can’t remember which. I am using a VPN, so I wonder if the destination is throwing an error because of that.

There could be filtering by source IP but I see the same results here off-VPN. TBH it’s probably some broken parsing in their JavaScript, maybe they can fix it on their end, do you have a way of raising it with them?

It’s a school I’m attempting to enroll in. I don’t really have access to their IT department, and don’t think I could describe the problem well enough to faculty or advisors for them to get it fixed. I’ll see if I can get somebody spun up enough to get their IT department to contact me.

I appreciate you alleviating my concerns that it was just Brave. I don’t know why it works instantly on my phone, but I’ll see what I can get done.

Actually have you tried it with Shields down?

Seems to work OK for me when I shut off Shields for the site.

Somehow I’ve gotten it to work with shields up. I think it may be their site.

I managed to get it earlier today after switching 3 toggles off under Shields, but then turned them back on and it’s still loading in fine.

Yeah, same happened to me. But then if I clear ‘data’ for the site, it reverts to failing again.

I am thinking with Shields down it probably is allowing a cookie to get set (that isn’t allowed with them up), and thereafter if the site finds that cookie it allows the connection. Then blowing away site data starts it all over again.

I’ll keep this thread bookmarked, and reference it should I manage to get a hold of the IT department of SDI.

The more I interact, the more I’m convinced they’ve got a combination of settings that’s causing the problem.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.