JoShu
January 9, 2025, 7:38pm
1
Description of the issue:
Inconsistent Settings Behavior - “Upgrade connections to HTTPS” setting not working in Private Mode, but works fine in Normal mode.
How can this issue be reproduced?
Compare how it works correctly in Normal Mode vs how it does not work in Private Mode:
Normal / Standard / Regular Mode (not Private mode)
brave://settings/shields
Upgrade connections to HTTPS, set to Disabled
Open Brave , in regular mode , i.e. not In Private mode
Open a http url , i.e. not a https url e.g. http://httpforever.com/
Observe there is no warning screen, i.e. the http site loads
Click on Brave Lion
Observe that it is set to “Don’t upgrade connections” (corresponding to “Disabled” from above)
Private Mode
brave://settings/shields
Upgrade connections to HTTPS, set to Disabled
Open Brave in Private mode
Open a http url e.g. http://httpforever.com/
Observe the warning screen , click Continue to site
http site now loads
Click on Brave Lion
Observe that it is set to Upgrade connections to HTTPS i.e. it is not set to Disabled / “Don’t upgrade connections”
Expected Result:
Upgrade connections to HTTPS, set to Disabled, should work in Private mode, not just non-Private mode.
Brave Version:
Version 1.73.105 Chromium: 131.0.6778.265 (Official Build) (64-bit)
Reproducible on current live release (yes/no):
yes, as of 2025, Jan 9 using the version listed above
Additional Information:
Numerous posts exists about “Upgrade connections to HTTPS”
https://community.brave.com/search?q=Upgrade%20connections%20to%20HTTPS
Most posts are old or do not specifically address Private mode.
May 2020 - Disabling “Upgrade connections to HTTPS” is not working
I’m using Brave for development and I have a HTTP server running on local port 8108.
Even with the “Upgrade connections to HTTPS” option disabled, Brave upgrades my HTTP requests do HTTPS:
[brave]
This behavior does not occur with Chromium or Google Chrome:
[google]
How can this issue be reproduced?
Start a local HTTP/HTTPS service;
Disable “Upgrade connections to HTTPS” option;
Start a second local Web application that makes HTTP requests to the first one;
Open Developer Tools and watch …
official response : “Fixed in Version 1.10.93 Chromium: 83.0.4103.106 (Official Build) (64-bit)”
However, the OP does not indicate whether they are using Private mode or not.
Presumably not and that the fix was only for non-Private mode.
Oct 2024 - Private/Incognito needs global Do not upgrade to HTTPS
The shield settings to disable the forced upgrade of HTTP to HTTPS works fine in normal browsing windows but when using Private Window it forces it on for every site visited and there are a lot of site where the fallback to HTTP does not work. It results in the “ERR_TOO_MANY_REDIRECTS” error. I did the standard clear cookies, cache, history etc… But that does not work. Once I open the shield and change the dropdown to “Don’t upgrade HTTP connections” the sites load without issue but doing that p…
Several users confirm this problem, describing it in different ways.
I conclude from my (non-exhaustive) search that this is a unique problem and a legitimate Feature Request.
@JoShu I tested and see what you’re saying, that opening in Private causes it to default to Upgrade Connections to HTTPS
even if you have global and/or specific site settings to Disabled
.
As I contemplated this, I wondered if it is a bug. I’m guessing it may be more of a “feature” as Private
or Incognito
tends to want to have higher privacy. HTTP would be unsecured connection, which wouldn’t be very “private.”
That said, I’m going to tag in @fanboynz and @Mattches to see if either can provide feedback on it. Do keep in mind that it’s very late on Friday night right now, so it may be a little while before we hear back on anything.
I thought this actually was something that was forced by Private browsing but I’m not entirely sure. Further I’ve just found this issue here (opened a while ago now at this point) which seems to indicate that should not be the case:
opened 12:00AM - 18 Oct 23 UTC
OS/Android
OS/Desktop
privacy/https-upgrades
## Steps to Reproduce
1. Disable HTTPS upgrade via `Settings > Shields >… Upgrade connections to HTTPS > Disabled`
2. Open a new Private Window
3. Browser to http://upgradable.arthuredelstein.net
## Actual result:
It upgrades the page to https://upgradable.arthuredelstein.net
## Expected result:
It should load the page at http://upgradable.arthuredelstein.net
## Reproduces how often:
Easily
I’ve asked some folks on the team to confirm whether or not this behavior should be expected.