[Follow-up] URL bar falsely showing insecure state in 1.62+

[kylehickinson]

Follow-up to #36024 as it seems to still be broken

Test plan

Full discussion can be found here:
https://bravesoftware.slack.com/archives/C06UXF3KJ/p1707516746468709

1. Visit cnn.com
2. View a few pages. Also open some links in a new tab. Open another new tab and manually navigate to cnn.com (multiple tabs to same domain).
3. Ensure at any given time you do not get Not Secure in the URL bar
4. Visit Twitter.com and login
5. Click on a few posts. Also open some posts in a new tab. Open a another new tab and manually navigate to twitter.com (multiple tabs to same domain)
6. Ensure at any given time you do not get Not Secure in the URL bar
7. Go to search.brave.com and search for google docs
8. Follow the result for Google Docs
9. Ensure at any given time you do not get Not Secure in the URL bar

Steps to Reproduce

1. Browse the internet

Actual result:

URL bar says 'insecure'

Expected result:

Should not show it

[bsclifton]

For employees, conversation taking place here:
https://bravesoftware.slack.com/archives/C06UXF3KJ/p1710943498349269

Definitely would help to trace this - document how the current behavior works, code branches, etc.

Also could be useful to compare our code to Chrome. @bridiver had some thoughts about using Chromium's webview wrapper. We could also expose the underlying wkwebview so Brave iOS can access it.

[bridiver]

I'm not sure if we should close this yet or not. I still haven't even had a chance to test it.

[kylehickinson]

We can open a follow-up again if needed, it has to be uplifted all the way to release first, as per your request

[kjozwiak]

The above requires 1.64.123 or higher for 1.64.x verification 👍 We'll need to run through the condensed list mentioned via brave/brave-core#22849 (comment).

[hffvld]

Verified on iPhone 14 and iPad Air using version(s):

Device/OS: 
- iPhone 14 / iOS 17.5
- iPad Air / iPadOS 16.7.2
Brave build: 1.64 (123)
BraveCore: 1.64.123 (123.0.6312.122)

Filed follow-up issue #37533 and #37538

STEPS:

1. Follow the steps from [Follow-up] URL bar falsely showing insecure state in 1.62+ #36951 (comment)
2. Follow the steps/test scenarios from [iOS] Update secure content state update flow brave-core#22849 (comment)
3. Verify

ACTUAL RESULTS:
Verified that no insecure state is observed when switching/opening websites

• Mobile provisioning profiles.
• Download Apple Wallet passes.
• Default Browser External Links (load a link from somewhere while the browser is both open already and closed).
• Default Browser App Links (load an appstore link from somewhere while the browser is both open already and closed).
• Back-Forward Navigation (switch between two different domains on the same tab via back/forward buttons).
• Back-Forward https to http (switch from wikipedia.org to http://neverssl.com/).
• Back-Forward http to https (switch from http://neverssl.com/ to wikipedia.org).
• Back-Forward all bad-ssl pages
• Back-Forward NTP to Https (switch from ntp to wikipedia and back)
• Basic-Authentication to secure and insecure server (account.bravesoftware.com and log-in).
• Test no internet connection refreshing google.com both offline and online.

---

iPhone

2024-04-11_14-59-19.1.mp4

iPad

2024-04-11_15-06-04.mp4