Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPS by default for Desktop #16521

Merged
merged 1 commit into from
Feb 8, 2023
Merged

HTTPS by default for Desktop #16521

merged 1 commit into from
Feb 8, 2023

Conversation

arthuredelstein
Copy link
Collaborator

@arthuredelstein arthuredelstein commented Jan 4, 2023
edited
Loading

For Desktop and Android:

  • Disabled, Standard, Strict modes
  • Controlled by global and per-site shields settings
  • Merge UI with HTTPS-Only Mode
  • Behind HttpsByDefault feature flag
  • Browser tests for each setting

Resolves brave/brave-browser#27141

Submitter Checklist:

  • Security/privacy review is here: https://github.com/brave/security/issues/1134
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@github-actions
Copy link
Contributor

github-actions bot commented Jan 4, 2023

⚠️ PR head is an unsigned commit
commit: b652d24
reason: unsigned
Please follow the handbook to configure commit signing
cc: @arthuredelstein

@github-actions github-actions bot added CI/run-network-audit Run network-audit CI/storybook-url Deploy storybook and provide a unique URL for each build potential-layer-violation-fixes This PR touches a BUILD.gn file with check_includes=false labels Jan 4, 2023
@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

goodov
goodov reviewed Jan 24, 2023
View reviewed changes
browser/BUILD.gn Outdated Show resolved Hide resolved
components/brave_component_updater/browser/https_upgrade_exceptions_service.h Outdated Show resolved Hide resolved
components/brave_shields/browser/DEPS Outdated Show resolved Hide resolved
components/brave_shields/browser/BUILD.gn Outdated Show resolved Hide resolved
components/brave_shields/browser/brave_shields_util.cc Outdated Show resolved Hide resolved
components/brave_shields/browser/brave_shields_util.cc Outdated Show resolved Hide resolved
components/brave_shields/browser/brave_shields_util.cc Show resolved Hide resolved
components/brave_component_updater/browser/https_upgrade_exceptions_service.cc Outdated Show resolved Hide resolved
components/brave_component_updater/browser/https_upgrade_exceptions_service.h Outdated Show resolved Hide resolved
chromium_src/components/prefs/pref_service.h Show resolved Hide resolved
goodov
goodov reviewed Jan 30, 2023
View reviewed changes
Copy link
Member

@goodov goodov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like most of comments are resolved, but I don't actually see the changes in PR. did you forget to push? 🤔

browser/BUILD.gn Outdated Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc Outdated Show resolved Hide resolved
@arthuredelstein
Copy link
Collaborator Author

@goodov wrote:

looks like most of comments are resolved, but I don't actually see the changes in PR. did you forget to push? 🤔

Sorry for the confusion -- I haven't pushed yet because I'm working on the remaining comments. Will push when they are ready.

@arthuredelstein arthuredelstein marked this pull request as draft January 31, 2023 02:56
@arthuredelstein arthuredelstein marked this pull request as ready for review February 2, 2023 09:13
@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@arthuredelstein
Copy link
Collaborator Author

The story so far:

I pushed fixes for @goodov's comments in d03b6b3.

But the PR had bitrotted so much that I then rebased it, and squashed those changes. In addition, I decided to remove to the Android UI code for now, to simplify this PR (e7da857).

The browsertest is working in Android, except that there is a problem for all such web-page tests that needs to be fixed in brave/brave-browser#27837, so I have disabled the test in Android for now (4f98503).

As of now all checks are green and ready to merge pending approval from reviewers.

So the plan is to merge this Desktop-only PR first, and then get code/tests for Android working in a future PR.

SergeyZhukovsky
SergeyZhukovsky approved these changes Feb 5, 2023
View reviewed changes
Copy link
Member

@SergeyZhukovsky SergeyZhukovsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++ android tests side. Please create a separate issue for Android as you mentioned and post it in that PR, so it's linked.

@arthuredelstein arthuredelstein changed the title HTTPS by default HTTPS by default for Desktop Feb 5, 2023
@arthuredelstein
Copy link
Collaborator Author

++ android tests side. Please create a separate issue for Android as you mentioned and post it in that PR, so it's linked.

Thanks -- here's the Android issue: brave/brave-browser#28295.

goodov
goodov reviewed Feb 6, 2023
View reviewed changes
browser/brave_shields/https_upgrade_browsertest.cc Outdated Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc Outdated Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc Outdated Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc Outdated Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc Outdated Show resolved Hide resolved
components/https_upgrade_exceptions/browser/BUILD.gn Show resolved Hide resolved
components/https_upgrade_exceptions/browser/https_upgrade_exceptions_service.cc Outdated Show resolved Hide resolved
components/https_upgrade_exceptions/browser/https_upgrade_exceptions_service.cc Outdated Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc

void SetUpOnMainThread() override {
g_brave_browser_process->https_upgrade_exceptions_service()
->SetIsReadyForTesting();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would also like to see a test that uses data from this service.

Copy link
Collaborator Author

@arthuredelstein arthuredelstein Feb 7, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a good idea. @goodov, if it's all right with you, I'd like to write that test in a follow-up PR (soon). In the meantime @pes10k and I are hoping to merge this PR into Nightly as soon as possible. (Hoping this is OK as the feature is disabled by default and we will roll out gradually.)

I opened an issue: brave/brave-browser#28330

@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

fmarier
fmarier reviewed Feb 7, 2023
View reviewed changes
Copy link
Member

@fmarier fmarier left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really good to me. Well done @arthuredelstein !

The only big thing that needs to be checked before merging (maybe something we could easily add a test for?) is to ensure that HSTS sites never get downgraded since that would a major security issue.

browser/profiles/profile_util.cc Outdated Show resolved Hide resolved
components/brave_shields/browser/brave_shields_util.cc Show resolved Hide resolved
components/brave_shields/browser/brave_shields_util.cc Show resolved Hide resolved
chromium_src/chrome/browser/ssl/https_only_mode_navigation_throttle.cc Outdated Show resolved Hide resolved
chromium_src/chrome/browser/ssl/https_only_mode_navigation_throttle.cc Outdated Show resolved Hide resolved
chromium_src/chrome/browser/ssl/https_only_mode_navigation_throttle.cc Show resolved Hide resolved
browser/brave_shields/https_upgrade_browsertest.cc Show resolved Hide resolved
goodov
goodov approved these changes Feb 7, 2023
View reviewed changes
Copy link
Member

@goodov goodov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm with few comments

browser/tor/brave_tor_browsertest.cc Show resolved Hide resolved
chromium_src/chrome/browser/ssl/https_only_mode_navigation_throttle.cc Show resolved Hide resolved
chromium_src/chrome/browser/ssl/https_only_mode_navigation_throttle.cc Outdated Show resolved Hide resolved
chromium_src/net/base/features.h Outdated Show resolved Hide resolved
@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@arthuredelstein
HTTPS by default on Desktop
47e3c88 
- Disabled, Standard, Strict modes
- Controlled by global and per-site shields settings
- Merge UI with HTTPS-Only Mode
- Behind HttpsByDefault feature flag
- Browser tests for each setting
@arthuredelstein arthuredelstein enabled auto-merge (squash) February 8, 2023 01:06
@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@mihaiplesa mihaiplesa merged commit 98b811e into master Feb 8, 2023
@mihaiplesa mihaiplesa deleted the issues/27141_c branch February 8, 2023 12:00
@github-actions github-actions bot added this to the 1.50.x - Nightly milestone Feb 8, 2023
@mkarolin mkarolin mentioned this pull request Mar 7, 2023
Closed
bridiver
bridiver reviewed Aug 27, 2024
View reviewed changes
browser/brave_browser_process_impl.cc
@@ -200,6 +202,10 @@ void BraveBrowserProcessImpl::StartBraveServices() {
https_everywhere_service()->Start();
resource_component();

if (base::FeatureList::IsEnabled(net::features::kBraveHttpsByDefault)) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is definitely not the right place for this check. All this is doing is delaying the initialization if the feature is disabled. The check should go inside HttpsUpgradeExceptionsService

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridiver bridiver bridiver left review comments

@pes10k pes10k pes10k left review comments

@fmarier fmarier fmarier approved these changes

@goodov goodov goodov approved these changes

@SergeyZhukovsky SergeyZhukovsky SergeyZhukovsky approved these changes

@AlexeyBarabash AlexeyBarabash Awaiting requested review from AlexeyBarabash

@samartnik samartnik Awaiting requested review from samartnik

@iefremov iefremov Awaiting requested review from iefremov

Assignees

@arthuredelstein arthuredelstein

Labels
CI/run-network-audit Run network-audit CI/storybook-url Deploy storybook and provide a unique URL for each build potential-layer-violation-fixes This PR touches a BUILD.gn file with check_includes=false
Projects
None yet
Milestone
1.50.x - Release
Development

Successfully merging this pull request may close these issues.

HTTPS by Default (logic + desktop UI)
8 participants
@arthuredelstein @brave-builds @bridiver @pes10k @fmarier @goodov @SergeyZhukovsky @mihaiplesa