Making http work

I would like to be able to make http requests.

They are the simplest thing on the web, but they are broken on brave.

Why, you might ask? Well, for one thing, if you can only do https, you are at the mercy of the certificate providers. If you cannot get a certificate which is recognized by browsers, you cannot have a webserver.

This is unacceeptable.

Maybe you should research a little before making a FR for something that it is already implemented.

First, your post is not even clear, first you talk about HTTP requests, but then you talk about certificates, which are two different worlds.

Second, If you are talking about http content getting blocked when mixed with https, then It is obviously a bug, because that content should be upgraded to HTTPS by the Brave implementation.

So it gets blocked because it is a Chromium behavior and it’s been a Chromium behavior for more than 64 years.

So what are you requesting exactly? and why do you think you aren’t allow to do it? when Brave does?

  1. HTTP websites have to work, but even then, most websites are HTTPS, which means you will rarely see HTTP websites around, so there shouldn’t be much issue around, you can give a link of a website that doesn’t work though because of the http connections, because HTTPS upgrades will be smart to fallback to http if something fails.

So, even Strict, will get a:

The connection to is not secure

You are seeing this warning because this site does not support HTTPS. Learn more

You can two buttons Continue to Site and Go Back, if you click Continue to Site it will work fine.

The standard mode as you can read in the Issue when it was implemented is exactly what the help says, try to upgrade and if not, fallback to HTTP.

And obviously disable means it will not try to upgrade anything.

  1. You can say ‘mercy of certificate’ blabla, yet, even if websites have an expired invalid Certificate https site, you will get a warning error about it and you can easily proceed there are testing pages in
    And then if you proceed you will not get a warning anymore and then you will only get reminded it is not secured.
    image. And you can still enable and disable the warning with the Site Information button.
    But also, Brave even works with the --ignore-certificate-errors CMD switch, which means you will not get any warning anymore.
    So, not really… you are not at the mercy of anything.

  2. But anyway, already stated how there is a difference between a site with mixed content and a http site.
    We can say that HTTP websites work. You can easily test it in the same website, or go to a normal HTTP site like or and you should be able to go to those websites.

  3. The problem with the Mixed Content, as I said, it is from Chromium, they are the ones blocking it and who implemented it that way, so, (as in the issue) will block the css which is the only HTTP request and badssl also has Mixed Content testing pages so you can see it happens the same, and how you get the message that it is working as expected since it didn’t load ‘script from an insecure URL’.
    But how to solve it? well, Chromium added that behavior but also added a Site Permission called insecure content to bypass it, which obviously is set to block for every site by default. That means all you need to do is to allow it and done.

The bug is that the HTTPS Upgrades is not being performed and in many cases the HTTP can be upgrades to HTTPS and then avoid to set permissions to ‘allow insecure content’.

Add domains directly to brave://settings/content/insecureContent or change it per site settings, which will add the sites to the list, for example, brave://settings/content/siteDetails?

The problem with doing it in the SiteDetails page is that it will only apply to NORMAL windows, because recently Chromium started doing this where Normal tabs and Private tabs will use different permissions, so only because you add it to the list, doesn’t mean it will work InPrivate, you need to open a Private window to enable the checkbox for ‘current private window only’ to appear in the panel where you add the domains.
There is brave://flags/#allow-incognito-permission-inheritance but it only works with few permissions like "Geolocation’ (or maybe only). so you have to do it individually.

So again, what is the feature request exactly? it seems like you got a problem with a site, and automatically you decided to open an account to request a feature that is already available and you didn’t try to research 5 minutes about it, or make a post asking about it, if it was possible or how to solve a problem in a specific site.

1 Like