Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable "HTTPS by Default" by default #31104

Closed
arthuredelstein opened this issue Jun 16, 2023 · 9 comments · Fixed by brave/brave-core#18942
Closed

Enable "HTTPS by Default" by default #31104

arthuredelstein opened this issue Jun 16, 2023 · 9 comments · Fixed by brave/brave-core#18942
Assignees
@arthuredelstein
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass-macOS QA/Yes release-notes/exclude
Milestone
1.58.x - Release

Comments

@arthuredelstein
Copy link

Now that we have completed the rollout of HTTPS by Default using griffin, we can set the feature to be enabled by default.
@arthuredelstein arthuredelstein added OS/Android Fixes related to Android browser functionality OS/Desktop labels Jun 16, 2023
@arthuredelstein arthuredelstein self-assigned this Jun 16, 2023
@arthuredelstein arthuredelstein mentioned this issue Jun 16, 2023
Merged
25 tasks
@brave-builds brave-builds added this to the 1.58.x - Nightly milestone Jul 21, 2023
@mihaiplesa
Copy link
Contributor

@arthuredelstein

Please specify either QA/Yes or QA/No.
If you specify QA/Yes, then please also specify a test plan.
Please also specify either release-notes/include or release-notes/exclude.
For more information see https://github.com/brave/brave-browser/wiki/Missing-release-note-labels and
https://github.com/brave/brave-browser/wiki/Missing-QA-labels

@LaurenWags
Copy link
Member

@arthuredelstein please see @mihaiplesa comment from above, this issue is missing required labels and information.

cc @kjozwiak @rebron

@arthuredelstein
Copy link
Author

QA testing: Once we remove the griffin study for Nightly or Release in https://github.com/brave/brave-variations, then testing can confirm that the Https by Default feature remains enabled. See tests in #27141. I will post here when the griffin studies are removed.

@LaurenWags
Copy link
Member

@arthuredelstein sounds like this one is release-notes/exclude. Will add that label.

Also, going to add QA/Blocked label until you post here since we're dependent upon the removal of the griffin studies. Is there a planned timeline for that?

It seems like we can spot check that the feature is enabled by default, doesn't seem necessary to run through all the same tests again. Let me know if that's an accurate assessment (I believe that's what we normally do when we switch from a griffin study to enabling by default via code). cc @kjozwiak to confirm that.

@arthuredelstein
Copy link
Author

arthuredelstein commented Aug 15, 2023
edited
Loading

@arthuredelstein sounds like this one is release-notes/exclude. Will add that label.

Great, thanks.

Also, going to add QA/Blocked label until you post here since we're dependent upon the removal of the griffin studies. Is there a planned timeline for that?

Makes sense. I expect to remove griffin studies for Nightly shortly, and then for Release once the patch here has reached Release.

It seems like we can spot check that the feature is enabled by default, doesn't seem necessary to run through all the same tests again. Let me know if that's an accurate assessment (I believe that's what we normally do when we switch from a griffin study to enabling by default via code). cc @kjozwiak to confirm that.

Yes, a spot check sounds good.

@LaurenWags
Copy link
Member

@brave/qa-team to test this without waiting for the griffin studies to be removed, we can launch a clean profile and ensure no griffin studies are listed under brave://version.

Then can spot check this feature is available under shields panel and brave://settings. Once the griffin study is removed (@arthuredelstein to create PRs and to post here when this is complete) we can check that brave://version after restart and ensure the study is not being listed.

@stephendonner
Copy link

stephendonner commented Aug 18, 2023
edited
Loading

Verification PASSED using

Brave | 1.58.92 Chromium: 116.0.5845.96 (Official Build) beta (x86_64)
-- | --
Revision | 8e2896b3a1286e25b85ff82ab828fb7a807e1e26
OS | macOS Version 11.7.9 (Build 20G1426)

Initial launch - PASSED

Steps:

  1. installed 1.58.92
  2. launched Brave
  3. opened brave://version
  4. opened brave://flags

Confirmed brave://flags/#https-by-default was still Enabled by default, without Griffin-enabled studies

brave://version brave://flags
Screen Shot 2023-08-18 at 10 35 18 AM Screen Shot 2023-08-18 at 10 36 08 AM

Griffin-study removal - DEFERRED

  1. installed 1.58.92
  2. launched Brave
  3. restarted
  4. opened brave://version
  5. confirmed I saw BraveHttpsByDefaultRolloutStudy:Enabled
  6. opened brave://flags/#https-by-default
  7. confirmed I saw Default
brave://version brave://flags

Default - Upgrade connections to HTTPS, Standard - PASSED

  1. installed 1.58.92
  2. launched Brave
  3. confirmed Upgrade connections to HTTPS is set to Standard in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
default insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net (*)
Screen Shot 2023-08-18 at 10 49 31 AM Screen Shot 2023-08-18 at 10 51 56 AM Screen Shot 2023-08-18 at 10 53 00 AM Screen Shot 2023-08-18 at 10 53 53 AM

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net (*)
Screen Shot 2023-08-18 at 10 59 02 AM Screen Shot 2023-08-18 at 10 58 43 AM Screen Shot 2023-08-18 at 10 58 03 AM

Upgrade connections to HTTPS, Strict - PASSED

  1. installed 1.58.92
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Strict in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradeable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
Upgrade connections, Strict insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net (*)
Screen Shot 2023-08-18 at 1 20 54 PM Screen Shot 2023-08-18 at 1 27 42 PM Screen Shot 2023-08-18 at 1 23 20 PM Screen Shot 2023-08-18 at 1 24 55 PM

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net (*)
Screen Shot 2023-08-21 at 10 58 52 AM Screen Shot 2023-08-21 at 10 58 23 AM Screen Shot 2023-08-21 at 10 59 40 AM

Upgrade connections to HTTPS, Disabled - PASSED

  1. installed 1.58.92
  2. launched Brave
  3. changed Upgrade connections to HTTPS to Disabled in brave://settings/shields
  4. loaded http://insecure.arthuredelstein.net
  5. loaded http://http.badssl.com
  6. loaded http://upgradeable.arthuredelstein.net
  7. opened a New Private Window with Tor and loaded each of the above
Upgrade connections, Disabled insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net (*)
Screen Shot 2023-08-18 at 1 49 52 PM Screen Shot 2023-08-18 at 2 00 40 PM Screen Shot 2023-08-18 at 2 02 35 PM Screen Shot 2023-08-18 at 2 03 03 PM

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net (*)
Screen Shot 2023-08-21 at 10 31 15 AM Screen Shot 2023-08-21 at 10 32 05 AM Screen Shot 2023-08-21 at 10 38 28 AM

Shields down - PASSED

  1. installed 1.58.92
  2. launched Brave
  3. loaded http://insecure.arthuredelstein.net
  4. loaded http://http.badssl.com
  5. loaded http://upgradeable.arthuredelstein.net
  6. clicked on the Brave Shields icon in the URL bar
  7. toggled each of the above loaded sites' Shields to DOWN
  8. opened a New Private Window with Tor and loaded each of the above
Global Shields pref insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net (*)
Screen Shot 2023-08-21 at 10 43 07 AM Screen Shot 2023-08-18 at 1 47 54 PM Screen Shot 2023-08-18 at 1 48 28 PM Screen Shot 2023-08-18 at 1 49 04 PM

Tor

insecure.arthuredelstein.net http.badssl.com upgradable.arthuredelstein.net
Screen Shot 2023-08-21 at 10 45 26 AM Screen Shot 2023-08-21 at 10 46 14 AM Screen Shot 2023-08-21 at 10 46 47 AM

(*) Logged:

@stephendonner stephendonner added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Aug 18, 2023
@stephendonner stephendonner mentioned this issue Aug 18, 2023
Closed
@stephendonner stephendonner added QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Aug 22, 2023
@Uni-verse Uni-verse added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Sep 5, 2023
@Uni-verse
Copy link
Contributor

Uni-verse commented Sep 5, 2023
edited
Loading

Verified on Samsung Galaxy S21 5G using the following build(s):

Brave	1.58.115 Chromium: 116.0.5845.163 (Official Build) beta (32-bit) 
Revision	4d8f3ac31e950c7bb505b61fd9d86ed7f4888a71
OS	Android 13; Build/TP1A.220624.014; 33; REL

First Launch

  • Ensured that HTTPS by Default is enabled by default
  • Ensured Upgrade connections to HTTPS is set to default
Example Example Example
Screenshot 2023-09-05 at 7 31 45 PM Screenshot 2023-09-05 at 7 31 41 PM Screenshot 2023-09-05 at 7 40 15 PM

Functionality

  • Spot checked functionality per site and global settings using http://insecure.arthuredelstein.net and http://upgradable.arthuredelstein.net test pages.
Default Strict (per site) Disabled (per site) default default Strict (globals) Shields down
Screenshot 2023-09-05 at 7 42 48 PM Screenshot 2023-09-05 at 7 43 00 PM Screenshot 2023-09-05 at 7 43 30 PM Screenshot 2023-09-05 at 7 45 24 PM Screenshot 2023-09-05 at 7 46 31 PM Screenshot 2023-09-05 at 8 10 52 PM Screenshot 2023-09-05 at 7 55 26 PM

@kjozwiak
Copy link
Member

kjozwiak commented Sep 6, 2023

It seems like we can spot check that the feature is enabled by default, doesn't seem necessary to run through all the same tests again. Let me know if that's an accurate assessment (I believe that's what we normally do when we switch from a griffin study to enabling by default via code). cc @kjozwiak to confirm that.

Apologies for the delayed response but looks like @arthuredelstein already answered as well. Agreed, a quick spot check is basically all we really need to do. All we're doing is enabling the feature by default rather than requiring the restart to apply the study from Griffin.

@Uni-verse Uni-verse added QA Pass - Android ARM and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Sep 6, 2023
@arthuredelstein arthuredelstein mentioned this issue Jul 1, 2024
Closed
@kjozwiak kjozwiak mentioned this issue Jul 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arthuredelstein arthuredelstein

Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass-macOS QA/Yes release-notes/exclude
Projects
None yet
Milestone
1.58.x - Release
Development

Successfully merging a pull request may close this issue.

enable HttpsByDefault by default brave/brave-core
7 participants
@arthuredelstein @stephendonner @mihaiplesa @kjozwiak @Uni-verse @LaurenWags @brave-builds