Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Url bar falsely showing insecure state in 1.62+ #36024

Closed
Tracked by #8775
iccub opened this issue Feb 13, 2024 · 6 comments · Fixed by brave/brave-core#22343
Closed
Tracked by #8775

Url bar falsely showing insecure state in 1.62+ #36024

iccub opened this issue Feb 13, 2024 · 6 comments · Fixed by brave/brave-core#22343
Assignees
@soner-yuksel
Labels
OS/iOS Fixes related to iOS browser functionality priority/P2 A bad problem. We might uplift this to the next planned release. QA/No release-notes/exclude security
Milestone
1.63.x - Release #4

Comments

@iccub
Copy link

iccub commented Feb 13, 2024
edited by bsclifton
Loading

Test plan

Full discussion can be found here:
https://bravesoftware.slack.com/archives/C06UXF3KJ/p1707516746468709

  1. Visit cnn.com
  2. View a few pages. Also open some links in a new tab. Open another new tab and manually navigate to cnn.com (multiple tabs to same domain).
  3. Ensure at any given time you do not get Not Secure in the URL bar
  4. Visit Twitter.com and login
  5. Click on a few posts. Also open some posts in a new tab. Open a another new tab and manually navigate to twitter.com (multiple tabs to same domain)
  6. Ensure at any given time you do not get Not Secure in the URL bar
  7. Go to search.brave.com and search for google docs
  8. Follow the result for Google Docs
  9. Ensure at any given time you do not get Not Secure in the URL bar

Description:

Let's monitor if this still happens in 1.62 and try to look for a fix

Steps to Reproduce

  1. Browse the internet

Actual result:

URL bar says 'insecure'

image

Expected result:

Should not show it

Reproduces how often: [Easily reproduced, Intermittent Issue]

Brave Version:

  • Can you reproduce this issue with the most recent build from TestFlight?
  • Can you reproduce this issue with the previous version of the current build from TestFlight?
  • Can you reproduce this issue with the current build from AppStore?

Device details:

Website problems only:

  • Does the issue resolve itself when disabling Brave Shields?
  • Is the issue reproducible on the latest version of Mobile Safari?

Additional Information

PRs merged related with the solution to the problem and recent PRs for URL Bar / Cert Validation

brave/brave-ios#8634
brave/brave-ios#8651
brave/brave-ios#8666
brave/brave-ios#8680
brave/brave-ios#8697
brave/brave-ios#8698
brave/brave-ios#8704
@iccub iccub added the OS/iOS Fixes related to iOS browser functionality label Feb 13, 2024
@ShivanKaul
Copy link
Collaborator

@pes10k and I have both seen it happen on twitter intermittently. @fmarier suggested looking at service workers, for that reason, which I think is a good suggestion.

@bsclifton
Copy link
Member

Good discussion here:
https://bravesoftware.slack.com/archives/C06UXF3KJ/p1707516746468709

@soner-yuksel to help with next steps - adding a menu for Nightly

@iccub iccub added the priority/P2 A bad problem. We might uplift this to the next planned release. label Feb 21, 2024
@soner-yuksel
Copy link

A PR is open for improving the logging for secure content state problem

#36281

@soner-yuksel soner-yuksel mentioned this issue Feb 27, 2024
Merged
24 tasks
@soner-yuksel
Copy link

A PR is made focusing on problems

The changes are

  • Fix bugs with secureContentState being set in didFailProvisionalNavigation as URL is only ever updated in didCommit so there's a mismatch. This should NEVER be done.
  • Fix external URLs not working due to inactive tab logic.
  • Fix security certificate display showing when there's no cert at all.
  • Remove serverPinningTrust because it can mismatch in didFailProvisionalNavigation when an AppStore URL is loaded on top of a already secure page URL, then the Appstore URL assumes the cert of the page which is wrong. Apple gives us no cert on purpose so we should not store the one from chain evaluation.

@brave-builds brave-builds added this to the 1.65.x - Nightly milestone Feb 28, 2024
This was referenced Feb 28, 2024
Merged
Merged
Closed
Closed
@kjozwiak kjozwiak mentioned this issue Mar 12, 2024
Closed
26 tasks
@kylehickinson
Copy link
Collaborator

Re-opening as it still seems to be an issue

@kylehickinson kylehickinson reopened this Mar 20, 2024
@kylehickinson kylehickinson mentioned this issue Mar 20, 2024
Closed
@kylehickinson
Copy link
Collaborator

Opened a follow-up issue instead #36951

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@soner-yuksel soner-yuksel

Labels
OS/iOS Fixes related to iOS browser functionality priority/P2 A bad problem. We might uplift this to the next planned release. QA/No release-notes/exclude security
Projects
None yet
Milestone
1.63.x - Release #4
Development

Successfully merging a pull request may close this issue.

[iOS] Url bar falsely showing insecure state brave/brave-core
8 participants
@kylehickinson @kjozwiak @bsclifton @ShivanKaul @soner-yuksel @iccub @Uni-verse @brave-builds