Url bar falsely showing insecure state in 1.62+

[soner-yuksel]

Test plan

Full discussion can be found here:
https://bravesoftware.slack.com/archives/C06UXF3KJ/p1707516746468709

1. Visit cnn.com
2. View a few pages. Also open some links in a new tab. Open another new tab and manually navigate to cnn.com (multiple tabs to same domain).
3. Ensure at any given time you do not get Not Secure in the URL bar
4. Visit Twitter.com and login
5. Click on a few posts. Also open some posts in a new tab. Open a another new tab and manually navigate to twitter.com (multiple tabs to same domain)
6. Ensure at any given time you do not get Not Secure in the URL bar
7. Go to search.brave.com and search for google docs
8. Follow the result for Google Docs
9. Ensure at any given time you do not get Not Secure in the URL bar

Description:

Let's monitor if this still happens in 1.62 and try to look for a fix

Steps to Reproduce

1. Browse the internet

Actual result:

URL bar says 'insecure'

Expected result:

Should not show it

Reproduces how often: [Easily reproduced, Intermittent Issue]

Brave Version:

• Can you reproduce this issue with the most recent build from TestFlight?
• Can you reproduce this issue with the previous version of the current build from TestFlight?
• Can you reproduce this issue with the current build from AppStore?

Device details:

Website problems only:

• Does the issue resolve itself when disabling Brave Shields?
• Is the issue reproducible on the latest version of Mobile Safari?

Additional Information

PRs merged related with the solution to the problem and recent PRs for URL Bar / Cert Validation

#8634
#8651
#8666
#8680
#8697
#8698
#8704

A PR is made focusing on problems

The changes are

Fix bugs with secureContentState being set in didFailProvisionalNavigation as URL is only ever updated in didCommit so there's a mismatch. This should NEVER be done.
Fix external URLs not working due to inactive tab logic.
Fix security certificate display showing when there's no cert at all.
Remove serverPinningTrust because it can mismatch in didFailProvisionalNavigation when an AppStore URL is loaded on top of a already secure page URL, then the Appstore URL assumes the cert of the page which is wrong. Apple gives us no cert on purpose so we should not store the one from chain evaluation.

[soner-yuksel]

This ticket is copy of brave/brave-browser#36024. It is created by the request of Quality Assurance team for tracking purposes of hotfix.

[kjozwiak]

Closing as the above was merged into 1.62.x and will be released via the 1.62.1 HF as per https://bravesoftware.slack.com/archives/C06UXF3KJ/p1709156791608489.

Similar to #8777 (comment), we'll need to quickly spot check the 1.65.x build based on brave-core before uplifting into 1.65.x & 1.64.x via brave/brave-core#22379 & brave/brave-core#22380. But we can do that once the 1.62.1 HF goes out 👍

[hffvld]

Verified on iPhone 14 and iPad Air using version(s):

Device/OS: 
- iPhone 14 / iOS 17.4 Beta
- iPad Air / iPadOS 16.7.2
Brave build: 1.62.1 (24.2.29.16)
BraveCore: 1.62.158 (121.0.6167.139)

---

STEPS:

1. Follow the flow from Url bar falsely showing insecure state in 1.62+ #8778 (comment)
2. Verify

ACTUAL RESULTS:

• Verified that Not Secure in the URL search bar is not shown

---

iPhone

2024-02-28_17-53-09.2.mp4

iPad

2024-02-29_09-46-46.mp4