HTTPS by default for Desktop (#16521)

HTTPS by default on Desktop - Disabled, Standard, Strict modes - Controlled by global and per-site shields settings - Merge UI with HTTPS-Only Mode - Behind HttpsByDefault feature flag - Browser tests for each setting
brave · Feb 8, 2023 · 98b811e · 98b811e
1 parent 02fb4f2
commit 98b811e
Show file tree

Hide file tree

Showing 58 changed files with 1,179 additions and 46 deletions.
diff --git a/android/android_browser_tests.gni b/android/android_browser_tests.gni
@@ -18,6 +18,7 @@ android_test_exception_sources = [
   "//brave/browser/brave_shields/cookie_expiry_browsertest.cc",
   "//brave/browser/brave_shields/domain_block_page_browsertest.cc",
   "//brave/browser/brave_shields/eventsource_pool_limit_browsertest.cc",
+  "//brave/browser/brave_shields/https_upgrade_browsertest.cc",
   "//brave/browser/brave_shields/websockets_pool_limit_browsertest.cc",
   "//brave/browser/brave_wallet/brave_wallet_ethereum_chain_browsertest.cc",
   "//brave/browser/brave_wallet/brave_wallet_event_emitter_browsertest.cc",

diff --git a/app/brave_settings_strings.grdp b/app/brave_settings_strings.grdp
@@ -269,6 +269,18 @@
   <message name="IDS_SETTINGS_STRICT_FINGERPRINTING" desc="Select value">
     Strict, may break sites
   </message>
+  <message name="IDS_SETTINGS_BRAVE_SHIELDS_HTTPS_UPGRADE_CONTROL_LABEL" desc="Default Brave https upgrade control setting label">
+    Upgrade connections to HTTPS
+  </message>
+  <message name="IDS_SETTINGS_STANDARD_HTTPS_UPGRADE" desc="Select value">
+    Standard
+  </message>
+  <message name="IDS_SETTINGS_DISABLED_HTTPS_UPGRADE" desc="Select value">
+    Disabled
+  </message>
+  <message name="IDS_SETTINGS_STRICT_HTTPS_UPGRADE" desc="Select value">
+    Strict
+  </message>
   <message name="IDS_SETTINGS_BRAVE_SHIELDS_COOKIE_CONTROL_LABEL" desc="Default Brave cookies control setting label">
     Block cookies
   </message>

diff --git a/browser/BUILD.gn b/browser/BUILD.gn
@@ -1,3 +1,8 @@
+# Copyright (c) 2022 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
 import("//brave/build/config.gni")
 import("//build/buildflag_header.gni")
 import("//build/config/features.gni")

diff --git a/browser/about_flags.cc b/browser/about_flags.cc
@@ -430,6 +430,11 @@ constexpr char kAllowCertainClientHintsDescription[] =
     "Allows setting certain request client hints (sec-ch-ua, sec-ch-ua-mobile, "
     "sec-ch-ua-platform)";
 
+constexpr char kBraveHttpsByDefaultName[] = "Use HTTPS by Default";
+constexpr char kBraveHttpsByDefaultDescription[] =
+    "Attempt to connect to all websites using HTTPS before falling back to "
+    "HTTP.";
+
 #if defined(TOOLKIT_VIEWS)
 constexpr char kBraveVerticalTabsName[] = "Vertical tabs";
 constexpr char kBraveVerticalTabsDescription[] =
@@ -813,7 +818,7 @@ constexpr char kRestrictEventSourcePoolDescription[] =
       flag_descriptions::kBraveTorWindowsHttpsOnlyName,                     \
       flag_descriptions::kBraveTorWindowsHttpsOnlyDescription,              \
       kOsAll, FEATURE_VALUE_TYPE(                                           \
-          blink::features::kBraveTorWindowsHttpsOnly)},                     \
+          net::features::kBraveTorWindowsHttpsOnly)},                       \
     {"brave-round-time-stamps",                                             \
       flag_descriptions::kBraveRoundTimeStampsName,                         \
       flag_descriptions::kBraveRoundTimeStampsDescription,                  \
@@ -839,6 +844,11 @@ constexpr char kRestrictEventSourcePoolDescription[] =
       flag_descriptions::kBraveSyncSendAllHistoryDescription,               \
       kOsAll, FEATURE_VALUE_TYPE(                                           \
           brave_sync::features::kBraveSyncSendAllHistory)},                 \
+    {"https-by-default",                                                    \
+      flag_descriptions::kBraveHttpsByDefaultName,                          \
+      flag_descriptions::kBraveHttpsByDefaultDescription,                   \
+      kOsAll, FEATURE_VALUE_TYPE(                                           \
+          net::features::kBraveHttpsByDefault)},                            \
     BRAVE_IPFS_FEATURE_ENTRIES                                              \
     BRAVE_NATIVE_WALLET_FEATURE_ENTRIES                                     \
     BRAVE_NEWS_FEATURE_ENTRIES                                              \

diff --git a/browser/brave_browser_process.h b/browser/brave_browser_process.h
@@ -55,6 +55,10 @@ namespace debounce {
 class DebounceComponentInstaller;
 }  // namespace debounce
 
+namespace https_upgrade_exceptions {
+class HttpsUpgradeExceptionsService;
+}  // namespace https_upgrade_exceptions
+
 namespace misc_metrics {
 class MenuMetrics;
 }  // namespace misc_metrics
@@ -66,7 +70,7 @@ class NTPBackgroundImagesService;
 namespace tor {
 class BraveTorClientUpdater;
 class BraveTorPluggableTransportUpdater;
-}
+}  // namespace tor
 
 namespace ipfs {
 class BraveIpfsClientUpdater;
@@ -86,6 +90,8 @@ class BraveBrowserProcess {
   virtual ~BraveBrowserProcess();
   virtual void StartBraveServices() = 0;
   virtual brave_shields::AdBlockService* ad_block_service() = 0;
+  virtual https_upgrade_exceptions::HttpsUpgradeExceptionsService*
+  https_upgrade_exceptions_service() = 0;
 #if BUILDFLAG(ENABLE_GREASELION)
   virtual greaselion::GreaselionDownloadService*
   greaselion_download_service() = 0;

diff --git a/browser/brave_browser_process_impl.cc b/browser/brave_browser_process_impl.cc
@@ -35,6 +35,7 @@
 #include "brave/components/constants/pref_names.h"
 #include "brave/components/debounce/browser/debounce_component_installer.h"
 #include "brave/components/debounce/common/features.h"
+#include "brave/components/https_upgrade_exceptions/browser/https_upgrade_exceptions_service.h"
 #include "brave/components/misc_metrics/menu_metrics.h"
 #include "brave/components/ntp_background_images/browser/ntp_background_images_service.h"
 #include "brave/components/p3a/brave_p3a_service.h"
@@ -53,6 +54,7 @@
 #include "components/component_updater/timer_update_scheduler.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/child_process_security_policy.h"
+#include "net/base/features.h"
 #include "services/network/public/cpp/resource_request.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 #include "url/gurl.h"
@@ -200,6 +202,10 @@ void BraveBrowserProcessImpl::StartBraveServices() {
   https_everywhere_service()->Start();
   resource_component();
 
+  if (base::FeatureList::IsEnabled(net::features::kBraveHttpsByDefault)) {
+    https_upgrade_exceptions_service();
+  }
+
 #if BUILDFLAG(ENABLE_GREASELION)
   greaselion_download_service();
 #endif
@@ -242,6 +248,16 @@ BraveBrowserProcessImpl::ntp_background_images_service() {
   return ntp_background_images_service_.get();
 }
 
+https_upgrade_exceptions::HttpsUpgradeExceptionsService*
+BraveBrowserProcessImpl::https_upgrade_exceptions_service() {
+  if (!https_upgrade_exceptions_service_) {
+    https_upgrade_exceptions_service_ =
+        https_upgrade_exceptions::HttpsUpgradeExceptionsServiceFactory(
+            local_data_files_service());
+  }
+  return https_upgrade_exceptions_service_.get();
+}
+
 #if BUILDFLAG(ENABLE_GREASELION)
 greaselion::GreaselionDownloadService*
 BraveBrowserProcessImpl::greaselion_download_service() {

diff --git a/browser/brave_browser_process_impl.h b/browser/brave_browser_process_impl.h
@@ -38,6 +38,10 @@ class AdBlockService;
 class HTTPSEverywhereService;
 }  // namespace brave_shields
 
+namespace https_upgrade_exceptions {
+class HttpsUpgradeExceptionsService;
+}  // namespace https_upgrade_exceptions
+
 namespace brave_stats {
 class BraveStatsUpdater;
 }  // namespace brave_stats
@@ -63,7 +67,7 @@ class NTPBackgroundImagesService;
 namespace tor {
 class BraveTorClientUpdater;
 class BraveTorPluggableTransportUpdater;
-}
+}  // namespace tor
 
 namespace ipfs {
 class BraveIpfsClientUpdater;
@@ -76,7 +80,7 @@ class SpeedreaderRewriterService;
 namespace brave_ads {
 class BraveStatsUpdaterHelper;
 class ResourceComponent;
-}
+}  // namespace brave_ads
 
 class BraveBrowserProcessImpl : public BraveBrowserProcess,
                                 public BrowserProcessImpl {
@@ -95,6 +99,8 @@ class BraveBrowserProcessImpl : public BraveBrowserProcess,
 
   void StartBraveServices() override;
   brave_shields::AdBlockService* ad_block_service() override;
+  https_upgrade_exceptions::HttpsUpgradeExceptionsService*
+  https_upgrade_exceptions_service() override;
 #if BUILDFLAG(ENABLE_GREASELION)
   greaselion::GreaselionDownloadService* greaselion_download_service() override;
 #endif
@@ -156,6 +162,8 @@ class BraveBrowserProcessImpl : public BraveBrowserProcess,
   std::unique_ptr<brave_component_updater::BraveComponent::Delegate>
       brave_component_updater_delegate_;
   std::unique_ptr<brave_shields::AdBlockService> ad_block_service_;
+  std::unique_ptr<https_upgrade_exceptions::HttpsUpgradeExceptionsService>
+      https_upgrade_exceptions_service_;
 #if BUILDFLAG(ENABLE_GREASELION)
   std::unique_ptr<greaselion::GreaselionDownloadService>
       greaselion_download_service_;