HTTPS by Default (logic + desktop UI) #27141

Closed
arthuredelstein opened this issue Dec 3, 2022 · 11 comments · Fixed by brave/brave-core#16521

@arthuredelstein

HTTPS by Default is a mode intermediate between traditional HTTP(S) handling and HTTPS-Only Mode. In HTTPS by Default, we attempt HTTPS connections first and then fall back to HTTP if HTTPS is not available for a given website.

Here's the spec and the UI design.

@diracdeltas
Member

should probably open a sec review for this?

@arthuredelstein
Author

> should probably open a sec review for this?

Definitely: https://github.com/brave/security/issues/1134

@arthuredelstein
Author

arthuredelstein commented Jan 31, 2023

(removed comment on wrong ticket)

@arthuredelstein arthuredelstein added the OS/Android Fixes related to Android browser functionality label Jan 31, 2023
@arthuredelstein arthuredelstein changed the title HTTPS by Default HTTPS by Default (logic + desktop UI) Feb 5, 2023
@brave-builds brave-builds added this to the 1.50.x - Nightly milestone Feb 8, 2023
@rebron rebron added the priority/P3 The next thing for us to work on. It'll ride the trains. label Feb 9, 2023
@arthuredelstein
Author

arthuredelstein commented Feb 23, 2023

Here is a description that I hope can facilitate QA testing:

The following are insecure websites:

The following is an upgradable site:

The following are possible settings for HTTPS upgrades. These settings can be applied per-site or globally:

  1. Don't upgrade HTTP connections (aka Disabled)
  2. Upgrade connections to HTTPS (aka Standard; default setting)
  3. Only connect with HTTPS (aka Strict)

[Shields DOWN also has the same behavior as Disabled mode.]

The resulting behaviors of the above are:

  1. No URLs are modified
  2. Upgradable URLs are upgraded to HTTPS and insecure URLs are not upgraded
  3. Upgradable URLs are upgraded to HTTPS and insecure URLs show an error page

Normal windows and Incognito windows use Standard mode by default. Tor windows use Strict mode by default (and cannot be downgraded). Tor window settings and Incognito windows only inherit settings from normal windows if a user has tightened the normal window settings.
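
The mode table and window-type rules in the comment above, as an added JavaScript model (not part of the original thread and not Brave's implementation). `Mode`, `effectiveMode`, `resolveNavigation`, `expectedMatrix` and the probe table are hypothetical names; the model assumes window types have no overrides of their own and leaves Shields DOWN out.

```javascript
// Added illustration of the three modes and the window-type rules;
// all identifiers are hypothetical and nothing here is Brave's code.
const Mode = Object.freeze({ DISABLED: 0, STANDARD: 1, STRICT: 2 });

// Constructed sample data: which test hosts answer on HTTPS, mirroring the
// "insecure" vs "upgradable" split used in this thread.
const HTTPS_AVAILABLE = new Set(['upgradable.arthuredelstein.net']);
const sampleProbe = (host) => HTTPS_AVAILABLE.has(host);

// Effective mode for a window type, given the setting chosen in normal windows.
// Assumption: only inheritance from the normal-window setting is modeled.
function effectiveMode(windowType, normalSetting) {
  switch (windowType) {
    case 'normal':
      return normalSetting;
    case 'private':
      // Default is Standard; only a tightened (Strict) setting is inherited,
      // so a loosened normal-window setting never weakens private windows.
      return Math.max(Mode.STANDARD, normalSetting);
    case 'tor':
      // Tor windows are Strict and cannot be downgraded.
      return Mode.STRICT;
    default:
      throw new Error(`unknown window type: ${windowType}`);
  }
}

// Decide what happens to one navigation.
// httpsProbe(host) -> boolean stands in for "an HTTPS connection succeeds".
function resolveNavigation(rawUrl, mode, httpsProbe) {
  const url = new URL(rawUrl);

  // Only plain-HTTP navigations are candidates; Disabled modifies no URLs.
  if (url.protocol !== 'http:' || mode === Mode.DISABLED) {
    return { action: 'load', url: url.href };
  }

  // Standard and Strict both try HTTPS first.
  const upgraded = new URL(url.href);
  upgraded.protocol = 'https:';
  if (httpsProbe(upgraded.host)) {
    return { action: 'load', url: upgraded.href };
  }

  // HTTPS is not available: Standard falls back to HTTP,
  // Strict shows the error page instead of loading over HTTP.
  if (mode === Mode.STANDARD) {
    return { action: 'load', url: url.href };
  }
  return { action: 'interstitial', url: url.href };
}

// Build the expected-result matrix a tester would check by hand:
// every window type crossed with every test URL.
function expectedMatrix(normalSetting, urls, httpsProbe) {
  const rows = [];
  for (const windowType of ['normal', 'private', 'tor']) {
    const mode = effectiveMode(windowType, normalSetting);
    for (const requested of urls) {
      rows.push({
        windowType,
        requested,
        ...resolveNavigation(requested, mode, httpsProbe),
      });
    }
  }
  return rows;
}

// Example run: normal windows set to Disabled, two of the thread's test sites.
console.table(
  expectedMatrix(
    Mode.DISABLED,
    ['http://insecure.arthuredelstein.net', 'http://upgradable.arthuredelstein.net'],
    sampleProbe,
  ),
);
```
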

@kjozwiak
Member

@brave/qa-team can find some context of what was checked via brave/brave-variations#522 (comment). Please ping me when we're going to start verifications on the above as we'll need to push this out via Griffin on BETA as well.

@stephendonner

stephendonner commented Mar 27, 2023

Verification PASSED using

Brave 1.50.106 Chromium: 112.0.5615.39 (Official Build) beta (x86_64)
Revision a0e7b9718a92bcd1cf33b7c95316caff3fc20714-refs/branch-heads/5615@{#753}
OS macOS Version 11.7.4 (Build 20G1120)

Griffin study - PASSED

  1. installed 1.50.106
  2. launched Brave
  3. restarted
  4. opened brave://version
  5. confirmed I saw BraveHttpsByDefaultRolloutStudy:Enabled
  6. opened brave://flags/#https-by-default
  7. confirmed I saw Default
[Screenshots: brave://version, brave://flags]

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.50.106
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradeable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
[Screenshots: default, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Tor

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.50.106
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradeable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
[Screenshots: Upgrade connections (Strict), insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Tor

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.50.106
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradeable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
[Screenshots: Upgrade connections (Disabled), insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Tor

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Between-window-type preferences - PASSED

Regular --> Private window, upgrade - PASSED

  • loaded http://insecure.arthuredelstein.net in a normal window
  • clicked on the Shields icon
  • changed Upgrade connections to HTTPS in the Advanced controls view to Only connect with HTTPS
  • loaded http://insecure.arthuredelstein.net in a Private (not Tor) window
  • clicked on the Shields icon
  • confirmed I saw the The connection to insecure.arthuredelstein.net is not secure interstitial warning
  • clicked through via Continue to site
  • confirmed it loaded, printing Hello

Regular --> Private window, downgrade: - PASSED

  • loaded http://insecure.arthuredelstein.net in a normal window
  • clicked on the Shields icon
  • changed Upgrade connections to HTTPS in the Advanced controls view to Don't upgrade HTTP connections
  • loaded http://insecure.arthuredelstein.net in a Private (not Tor) window
  • clicked on the Shields icon
  • confirmed it loaded, printing Hello
[Screenshots: normal window, Private window]

Shields down - PASSED

  1. installed 1.50.106
  2. launched Brave
  3. loaded http://insecure.arthuredelstein.net
  4. loaded http://http.badssl.com
  5. loaded http://upgradeable.arthuredelstein.net
  6. clicked on the Brave Shields icon in the URL bar
  7. toggled each of the above loaded sites' Shields to DOWN
  8. opened a New Private Window with Tor and loaded each of the above
[Screenshots: Global Shields pref, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Tor

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

(Pref) Migrations - PASSED

defaults - PASSED

  1. installed 1.49.128
  2. confirmed default of Always use secure connections set to Off in brave://settings/security
  3. upgraded to 1.50.106 by renaming Brave-Browser profile to Brave-Browser-Beta
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Standard
[Screenshots: 1.49.128, 1.50.106]

Always use secure connections set to On - PASSED

  1. installed 1.49.128
  2. clicked to toggle Always use secure connections set to On in brave://settings/security
  3. upgraded to 1.50.106 by renaming Brave-Browser profile to Brave-Browser-Beta
  4. launched Brave
  5. confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Strict
[Screenshots: 1.49.128, 1.50.106]

@kjozwiak
Member

@stephendonner looking good 👍 The main comment that I wanted to make/check with @arthuredelstein is if we need #28792 uplifted into 1.50.x as well, which I ran into while verifying #28540.

@stephendonner

> @stephendonner looking good 👍 The main comment that I wanted to make/check with @arthuredelstein is if we need #28792 uplifted into 1.50.x as well, which I ran into while verifying #28540.

Thanks for the feedback! I'll also be sure to add "Confirmed {expectation}" to each of the cases, before calling it 👍

@MadhaviSeelam

MadhaviSeelam commented Mar 29, 2023

Verification PASSED using

Brave | 1.50.107 Chromium: 112.0.5615.39 (Official Build) beta (64-bit)
-- | --
Revision | a0e7b9718a92bcd1cf33b7c95316caff3fc20714-refs/branch-heads/5615@{#753}
OS | Windows 11 Version 22H2 (Build 22621.1413)

Testcase 1: Griffin study - PASSED

  1. installed 1.50.107
  2. launched Brave
  3. restarted
  4. opened brave://version
  5. confirmed I saw BraveHttpsByDefaultRolloutStudy:Enabled
  6. opened brave://flags/#https-by-default
  7. confirmed I saw Default
[Screenshots: before restart, brave://version, brave://flags]

Test Case 2: HTTPS Default UI in brave://settings/shields and Shields panel - PASSED

Dark mode

[Screenshots: brave://settings/shields, Shields panel]

Light mode:

[Screenshots: brave://settings/shields, Shields panel]

Test Case 3: Set Global settings for Https Default - PASSED

Case 1: Upgrade connections to HTTPS - Standard; default setting - PASSED

  1. continued from Testcase 1
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New private window
  8. opened a New private window with Tor and loaded each of the above

Normal window

[Screenshots: default, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window with Tor

Confirmed since Tor windows always use Strict mode though Normal window setting is Standard

Confirmed Shields panel does not show HTTPS Upgrade connections dropdown in the Advanced controls

Confirmed insecure connection interstitial page displayed for http://insecure.arthuredelstein.net/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed insecure connection interstitial page displayed for http://http.badssl.com/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed that http://upgradable.arthuredelstein.net/ -> https://upgradable.arthuredelstein.net/ (connection upgraded)

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Case 2: Upgrade connections to HTTPS - Strict - PASSED

  1. new profile
  2. launched Brave
  3. relaunched Brave to pull in griffin (from Case 1)
  4. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  5. loaded http://insecure.arthuredelstein.net in a new tab
  6. click on Shields icon to open Shields panel for the site
  7. confirmed only connect with Https selection is selected
  8. loaded http://http.badssl.com
  9. loaded http://upgradable.arthuredelstein.net
  10. opened a New private window
  11. opened a New Private Window with Tor and loaded each of the above

New window

[Screenshots: Upgrade connections (Strict), insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window with Tor

Confirmed since Tor windows always use Strict mode and Normal window setting is Strict

Confirmed Shields panel does not show HTTPS Upgrade connections dropdown in the Advanced controls

Confirmed insecure connection interstitial page displayed for http://insecure.arthuredelstein.net/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed insecure connection interstitial page displayed for http://http.badssl.com/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed that http://upgradable.arthuredelstein.net/ -> https://upgradable.arthuredelstein.net/ (connection upgraded)

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Case 3: Upgrade connections to HTTPS - Disabled - PASSED

  1. new profile
  2. launched Brave
  3. relaunched Brave to pull in griffin (from Case 1)
  4. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  5. loaded http://insecure.arthuredelstein.net
  6. loaded http://http.badssl.com
  7. loaded http://upgradable.arthuredelstein.net
  8. opened a New Private Window with Tor and loaded each of the above
[Screenshots: Upgrade connections (Disabled), insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window with Tor

Confirmed since Tor windows always use Strict mode though Normal window setting is Disabled

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Testcase 4: Between-window-type preferences - PASSED

Case 1: Regular --> Private window, upgrade - PASSED

  1. loaded http://insecure.arthuredelstein.net in a normal window
  2. clicked on the Shields icon
  3. default option Upgrade connections to HTTPS is shown in the Advanced controls
  4. changed from Upgrade connections to HTTPS to Only connect with HTTPS
  5. loaded http://insecure.arthuredelstein.net in a Private (not Tor) window
  6. confirmed the The connection to insecure.arthuredelstein.net is not secure interstitial warning is displayed
  7. clicked through via Continue to site
  8. confirmed it loaded, printing Hello
  9. clicked on the Shields icon

confirmed Only connect with HTTPS selection was shown in the Advance Controls

[Screenshots: step 3, step 4, step 8 result]

Case 2: Regular --> Private window, downgrade: - PASSED

  1. loaded http://insecure.arthuredelstein.net in a normal window
  2. clicked on the Shields icon
  3. default option Upgrade connections to HTTPS is shown in the Advanced controls
  4. changed from Upgrade connections to HTTPS to Don't upgrade HTTP connections
  5. loaded http://insecure.arthuredelstein.net in a Private (not Tor) window
  6. confirmed it loaded, printing Hello
  7. clicked on the Shields icon

Confirmed Normal window selection i.e. Don't upgrade HTTP connections selection was not leaked/shown in the Advance Controls for Private window

[Screenshots: step 3, step 4, result]

Brave | 1.50.110 Chromium: 112.0.5615.49 (Official Build) (64-bit)
-- | --
Revision | bd2a7bcb881c11e8cfe3078709382934e3916914-refs/branch-heads/5615@{#936}
OS | Windows 11 Version 22H2 (Build 22621.1413)

Test Case 5: Set per-site settings for Https Default - PASSED

Case 1: Upgrade connections to HTTPS - PASSED

  1. new profile
  2. launched Brave
  3. enabled #Use HTTPS by Default in brave://flags
  4. visited http://insecure.arthuredelstein.net
  5. click on the Shields icon
  6. confirmed Upgrade connections to HTTPS is displayed as default
  7. loaded http://http.badssl.com
  8. loaded http://upgradable.arthuredelstein.net
  9. opened a New private window
  10. opened a New private window with Tor and loaded each of the above

Normal window

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com/, upgradable.arthuredelstein.net]

Private window

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com/, upgradable.arthuredelstein.net]

New private window with Tor

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com/, upgradable.arthuredelstein.net]

Case 2: Only connection with HTTPS - PASSED

  1. new profile
  2. launched Brave
  3. enabled #Use HTTPS by Default in brave://flags
  4. visited http://insecure.arthuredelstein.net
  5. click Shields icon
  6. Shields panel shows default Upgrade connections to HTTPS
  7. changed Only connection with HTTPS in the Shields panel
  8. confirmed The connection to insecure.arthuredelstein.net is not secure message displayed
  9. clicked Continue to Site
  10. confirmed http://insecure.arthuredelstein.net/ loads without any issues
  11. loaded http://http.badssl.com
  12. followed step 5-7 and results are same expected in step 9
  13. confirmed The connection to http.badssl.com is not secure message shown
  14. clicked Continue to Site
  15. confirmed http://http.badssl.com loads without issues
  16. loaded http://upgradable.arthuredelstein.net
  17. confirmed http://upgradable.arthuredelstein.net/ -> https://upgradable.arthuredelstein.net/ (connection upgraded)
  18. opened a New private window and verified as above
  19. opened a New Private Window with Tor and verified as above

Normal window

[Screenshots: step 6, step 7, step 8, step 10, step 11, step 14, step 15, step 16]

Private window

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com, https://upgradable.arthuredelstein.net/]

New private window with Tor

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com, https://upgradable.arthuredelstein.net/]

Case 3: Don't upgrade HTTP connections - PASSED

  1. new profile
  2. launched Brave
  3. enabled #Use HTTPS by Default in brave://flags
  4. visited http://insecure.arthuredelstein.net
  5. click Shields icon
  6. Shields panel shows default Upgrade connections to HTTPS
  7. changed Don't upgrade HTTP connections in the Shields panel
  8. confirmed the site http://insecure.arthuredelstein.net is not upgraded and loaded without issues
  9. loaded http://http.badssl.com
  10. confirmed the site http://http.badssl.com is not upgraded and loaded without issues
  11. loaded http://upgradable.arthuredelstein.net
  12. changed to Don't upgrade HTTP connections
  13. close the tab and reload http://upgradable.arthuredelstein.net
  14. confirmed http://upgradable.arthuredelstein.net/ is not upgraded to HTTPS and site loaded without issues
  15. opened a New private window and verified as above
  16. opened a New Private Window with Tor and verified as above

Normal window

[Screenshots: step 6, step 8, step 9, step 14]

Private windows

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com, http://upgradable.arthuredelstein.net]

New private window with Tor

[Screenshots: http://insecure.arthuredelstein.net, http://http.badssl.com]

Test Case 6: Shields down - PASSED

  1. installed 1.50.106
  2. launched Brave
  3. loaded http://insecure.arthuredelstein.net
  4. loaded http://http.badssl.com
  5. loaded http://upgradable.arthuredelstein.net
  6. clicked on the Brave Shields icon in the URL bar
  7. toggled each of the above loaded sites' Shields to DOWN
  8. opened a New Private Window with Tor and loaded each of the above
[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Private window with Tor

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Testcase 7: (Pref) Migrations - PASSED

Case 1: defaults - PASSED

  1. installed 1.49.128
  2. confirmed default of Always use secure connections set to Off in brave://settings/security
  3. visited http://upgradable.arthuredelstein.net in a new tab
  4. Shields panel shows Upgrade connections to HTTPS enabled
  5. upgraded to 1.50.110
  6. launched Brave
  • Confirmed Shields panel shows new UI with 3 options for Https by default.
  • Confirmed brave://settings/shields show new UI with 3 options for Upgrade connections to HTTPS
  • Confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Standard
  • Confirmed http://upgradable.arthuredelstein.net shows Upgrade connections to HTTPS
[Screenshots: 149.132, 1.50.110, Shields panel]

Case 2: Always use secure connections set to On - PASSED

  1. installed 1.49.128
  2. clicked to toggle Always use secure connections set to On in brave://settings/security
  3. visited http://insecure.arthuredelstein.net/ in a new tab
  4. Shields panel shows Upgrade connections to HTTPS enabled
  5. upgraded to 1.50.110
  6. launched Brave
  • Confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Strict
  • Confirmed Shields panel shows only connect with HTTPS option selected
[Screenshots: step 2, step 4, result (1.50.x), result (1.50.x)]

@MadhaviSeelam MadhaviSeelam added QA/In-Progress Indicates that QA is currently in progress for that particular issue and removed QA/Test-Plan-Required labels Mar 29, 2023
@stephendonner

stephendonner commented Mar 29, 2023

NOTE: I plan on tackling brave/brave-core#17801 for brave/brave-core#17421 on its own in the 1.50.x cycle, just FYI

@MadhaviSeelam MadhaviSeelam added QA Pass-Win64 and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Mar 31, 2023
@GeetaSarvadnya

GeetaSarvadnya commented Apr 4, 2023

Verification PASSED on

Brave	1.50.108 Chromium: 112.0.5615.39 (Official Build) (64-bit) 
Revision	a0e7b9718a92bcd1cf33b7c95316caff3fc20714-refs/branch-heads/5615@{#753}
OS	Linux

Testcase 1: Griffin study - PASSED

  1. installed 1.50.107
  2. launched Brave
  3. restarted
  4. opened brave://version
  5. confirmed I saw BraveHttpsByDefaultRolloutStudy:Enabled
  6. opened brave://flags/#https-by-default
  7. confirmed I saw Default
[Screenshots: brave://flags, brave://version]

Test Case 2: HTTPS Default UI in brave://settings/shields and Shields panel - PASSED

Dark mode

[Screenshots: brave://settings/shields, Shields panel]

Light mode:

[Screenshots: brave://settings/shields, Shields panel]

Test Case 3: Set Global settings for Https Default - PASSED

Case 1: Upgrade connections to HTTPS - Standard; default setting - PASSED

  1. continued from Testcase 1
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New private window
  8. opened a New private window with Tor and loaded each of the above

Normal window

[Screenshots: default, insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window with Tor

Confirmed since Tor windows always use Strict mode though Normal window setting is Standard

Confirmed Shields panel does not show HTTPS Upgrade connections dropdown in the Advanced controls

Confirmed insecure connection interstitial page displayed for http://insecure.arthuredelstein.net/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed insecure connection interstitial page displayed for http://http.badssl.com/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed that http://upgradable.arthuredelstein.net/ -> https://upgradable.arthuredelstein.net/ (connection upgraded)

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Case 2: Upgrade connections to HTTPS - Strict - PASSED

  1. new profile
  2. launched Brave
  3. relaunched Brave to pull in griffin (from Case 1)
  4. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  5. loaded http://insecure.arthuredelstein.net in a new tab
  6. click on Shields icon to open Shields panel for the site
  7. confirmed only connect with Https selection is selected
  8. loaded http://http.badssl.com
  9. loaded http://upgradable.arthuredelstein.net
  10. opened a New private window
  11. opened a New Private Window with Tor and loaded each of the above

New window

[Screenshots: Upgrade connections (Strict), insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window with Tor

Confirmed since Tor windows always use Strict mode and Normal window setting is Strict

Confirmed Shields panel does not show HTTPS Upgrade connections dropdown in the Advanced controls

Confirmed insecure connection interstitial page displayed for http://insecure.arthuredelstein.net/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed insecure connection interstitial page displayed for http://http.badssl.com/

Confirmed when clicked on interstitial page, http://insecure.arthuredelstein.net/ loads without any issues

Confirmed that http://upgradable.arthuredelstein.net/ -> https://upgradable.arthuredelstein.net/ (connection upgraded)

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Case 3: Upgrade connections to HTTPS - Disabled - PASSED

  1. new profile
  2. launched Brave
  3. relaunched Brave to pull in griffin (from Case 1)
  4. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  5. loaded http://insecure.arthuredelstein.net
  6. loaded http://http.badssl.com
  7. loaded http://upgradable.arthuredelstein.net
  8. opened a New Private Window with Tor and loaded each of the above
[Screenshots: Upgrade connections (Disabled), insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

New private window with Tor

Confirmed since Tor windows always use Strict mode though Normal window setting is Disabled

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Testcase 4: Between-window-type preferences - PASSED

Case 1: Regular --> Private window, upgrade - PASSED

  1. loaded http://insecure.arthuredelstein.net in a normal window
  2. clicked on the Shields icon
  3. default option Upgrade connections to HTTPS is shown in the Advanced controls
  4. changed from Upgrade connections to HTTPS to Only connect with HTTPS
  5. loaded http://insecure.arthuredelstein.net in a Private (not Tor) window
  6. confirmed the The connection to insecure.arthuredelstein.net is not secure interstitial warning is displayed
  7. clicked through via Continue to site
  8. confirmed it loaded, printing Hello
  9. clicked on the Shields icon

confirmed Only connect with HTTPS selection was shown in the Advance Controls

[Screenshots: step 3, step 4, step 8, result]

Case 2: Regular --> Private window, downgrade: - PASSED

  1. loaded http://insecure.arthuredelstein.net in a normal window
  2. clicked on the Shields icon
  3. default option Upgrade connections to HTTPS is shown in the Advanced controls
  4. changed from Upgrade connections to HTTPS to Don't upgrade HTTP connections
  5. loaded http://insecure.arthuredelstein.net in a Private (not Tor) window
  6. confirmed it loaded, printing Hello
  7. clicked on the Shields icon

Confirmed Normal window selection i.e. Don't upgrade HTTP connections selection was not leaked/shown in the Advance Controls for Private window

[Screenshots: step 3, step 4, result]

Test Case 5: Set per-site settings for Https Default - PASSED

Case 1: Upgrade connections to HTTPS - PASSED

  1. new profile
  2. launched Brave
  3. enabled #Use HTTPS by Default in brave://flags
  4. visited http://insecure.arthuredelstein.net
  5. click on the Shields icon
  6. confirmed Upgrade connections to HTTPS is displayed as default
  7. loaded http://http.badssl.com
  8. loaded http://upgradable.arthuredelstein.net
  9. opened a New private window
  10. opened a New private window with Tor and loaded each of the above

Normal window

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com/, upgradable.arthuredelstein.net]

Private window

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com/, upgradable.arthuredelstein.net]

New private window with Tor

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com/, upgradable.arthuredelstein.net]

Case 2: Only connection with HTTPS - PASSED

  1. new profile
  2. launched Brave
  3. enabled #Use HTTPS by Default in brave://flags
  4. visited http://insecure.arthuredelstein.net
  5. click Shields icon
  6. Shields panel shows default Upgrade connections to HTTPS
  7. changed Only connection with HTTPS in the Shields panel
  8. confirmed The connection to insecure.arthuredelstein.net is not secure message displayed
  9. clicked Continue to Site
  10. confirmed http://insecure.arthuredelstein.net/ loads without any issues
  11. loaded http://http.badssl.com
  12. followed step 5-7 and results are same expected in step 9
  13. confirmed The connection to http.badssl.com is not secure message shown
  14. clicked Continue to Site
  15. confirmed http://http.badssl.com loads without issues
  16. loaded http://upgradable.arthuredelstein.net
  17. confirmed http://upgradable.arthuredelstein.net/ -> https://upgradable.arthuredelstein.net/ (connection upgraded)
  18. opened a New private window and verified as above
  19. opened a New Private Window with Tor and verified as above

Normal window

[Screenshots: step 6, step 7 to step 8, step 10, step 11, step 14 to step 15, step 16]

Private window

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com, https://upgradable.arthuredelstein.net/]

New private window with Tor

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com, https://upgradable.arthuredelstein.net/]

Case 3: Don't upgrade HTTP connections - PASSED

  1. new profile
  2. launched Brave
  3. enabled #Use HTTPS by Default in brave://flags
  4. visited http://insecure.arthuredelstein.net
  5. click Shields icon
  6. Shields panel shows default Upgrade connections to HTTPS
  7. changed Don't upgrade HTTP connections in the Shields panel
  8. confirmed the site http://insecure.arthuredelstein.net is not upgraded and loaded without issues
  9. loaded http://http.badssl.com
  10. confirmed the site http://http.badssl.com is not upgraded and loaded without issues
  11. loaded http://upgradable.arthuredelstein.net
  12. changed to Don't upgrade HTTP connections
  13. close the tab and reload http://upgradable.arthuredelstein.net
  14. confirmed http://upgradable.arthuredelstein.net/ is not upgraded to HTTPS and site loaded without issues
  15. opened a New private window and verified as above
  16. opened a New Private Window with Tor and verified as above

Normal window

[Screenshots: step 6, step 7 to 8, step 9, step 14]

Private windows

[Screenshots: insecure.arthuredelstein.net, http://http.badssl.com, http://upgradable.arthuredelstein.net]

New private window with Tor

[Screenshots: http://insecure.arthuredelstein.net, http://http.badssl.com]

Test Case 6: Shields down - PASSED

  1. installed 1.50.106
  2. launched Brave
  3. loaded http://insecure.arthuredelstein.net
  4. loaded http://http.badssl.com
  5. loaded http://upgradable.arthuredelstein.net
  6. clicked on the Brave Shields icon in the URL bar
  7. toggled each of the above loaded sites' Shields to DOWN
  8. opened a New Private Window with Tor and loaded each of the above
[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Private window

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Private window with Tor

[Screenshots: insecure.arthuredelstein.net, http.badssl.com, upgradable.arthuredelstein.net]

Testcase 7: (Pref) Migrations - PASSED

Case 1: defaults - PASSED

  1. installed 1.49.128
  2. confirmed default of Always use secure connections set to Off in brave://settings/security
  3. visited http://upgradable.arthuredelstein.net in a new tab
  4. Shields panel shows Upgrade connections to HTTPS enabled
  5. upgraded to 1.50.110
  6. launched Brave
  • Confirmed Shields panel shows new UI with 3 options for Https by default.
  • Confirmed brave://settings/shields show new UI with 3 options for Upgrade connections to HTTPS
  • Confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Standard
  • Confirmed http://upgradable.arthuredelstein.net shows Upgrade connections to HTTPS
  • Ensured that the Always use secure connections settings is removed from brave://settings/security in 1.50.x
[Screenshots: 149.132, 149.132, 1.50.110, 1.50.110, 1.50.110]

Case 2: Always use secure connections set to On - PASSED

  1. installed 1.49.128
  2. clicked to toggle Always use secure connections set to On in brave://settings/security
  3. visited http://insecure.arthuredelstein.net/ in a new tab
  4. Shields panel shows Upgrade connections to HTTPS enabled
  5. upgraded to 1.50.110
  6. launched Brave
  • Confirmed via brave://settings/shields that Upgrade connections to HTTPS is set to Strict
  • Confirmed Shields panel shows only connect with HTTPS option selected
  • Ensured that the Always use secure connections settings is removed from brave://settings/security in 1.50.x
[Screenshots: step 2, step 4, step 4.1, result (1.50.x), result (1.50.x), result (1.50.x)]
