Unwanted fallback to www.google.com:80 if redirector.brave.com is unresponsive #29841
Comments
Can confirm it falls back to On desktop machine (macos or linux):
On Android device :
Result will be the same as mentioned by @fmarier above
Removed milestone, we'll move the issue into the appropriate milestone once we have uplifts. Assuming this needs to go out via the next possible release. It could be a
Verification
Brave | 1.52.84 Chromium: 113.0.5672.63 (Official Build) beta (x86_64) |
---|---|
Revision | 0e1a4471d5ae5bf128b1bd8f4d627c8cbd55f70c-refs/branch-heads/5672@{#912} |
OS | macOS Version 13.4 (Build 22F5059b) |
Confirmed issue using 1.51.110
Steps:
- entered sudo nano /etc/hosts in Terminal.app
- added 127.0.0.1 redirector.brave.com and saved the changes
- restarted macOS
- installed 1.52.84
- launched Fiddler Everywhere
- launched Brave
- checked for the two (2) initial, immediate GET requests to http://www.google.com/dl/release2/chrome_component...
Confirmed only requests to *.brave.com hosts during fallback, when redirector.brave.com is unreachable
[Screenshots: 1.52.84, google filter, 1.51.110, etc/hosts]
@stephendonner is it me or does the screenshot above show the two requests to google still in
It is not you - the fix wasn't (yet) uplifted to
@taoeffect The fix for the password manager leak (brave/brave-core#18153) is in 1.51, but the one for the fallback to http://www.google.com on port 80 will come a little later (1.52).
Verified on
Using description and steps to reproduce in #29841 (comment), the fallback was reproduced using build version 1.50.106. The following rewrite rule in Charles Proxy was created to modify the HTTP response code from 200 to 503 for all responses for
Verified on
STEPS:
ACTUAL RESULTS:
Reproduced on Verification passed on
Verified fallback to www.google.com:80 was not made when redirector.brave.com is unresponsive
Description
If redirector.brave.com is unresponsive (e.g. returning a 503), the browser will fall back to www.google.com:80 (yes, unencrypted HTTP) for component updates.
Steps to Reproduce
This is how I did it on a Linux machine:
/etc/hosts: 127.0.0.1 redirector.brave.com
mitmproxy --mode socks5 --listen-port 9000
brave-browser-stable --user-data-dir=/home/francois/brave-temp-profile --proxy-server="socks5://localhost:9000"
Actual result:
Then you should immediately see two HTTP (port 80) requests to www.google.com:
The first one refers to CRLsets (a TLS component) while the second one is part of Safe Browsing (the File Type Policies component).
Later we see these components being downloaded using the HTTP fallback:
Expected result:
If the connection to redirector.brave.com fails, the browser should simply give up and not update the components.
Desktop Brave version:
Android Device details:
I didn't test on Android, but I suspect it has the same fallback.
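
A check for the behaviour verified in this thread, as an added example (not code from the issue or from Brave): it scans request URLs exported from an intercepting proxy and flags any that use plaintext HTTP or go to a host outside brave.com. The allow-list, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: during component updates only brave.com and its subdomains
# are acceptable destinations, and only over HTTPS.
ALLOWED_DOMAIN = "brave.com"

# Constructed sample of request URLs as exported from an intercepting proxy.
# Paths and the lookalike hosts are made up for this example.
SAMPLE_CAPTURE = [
    "https://redirector.brave.com/constructed/component",
    "http://www.google.com/constructed/component",
    "https://notbrave.com/constructed/component",
    "https://brave.com.example.net/constructed/component",
    "http://redirector.brave.com:80/constructed/component",
]


def host_allowed(host):
    """True only for brave.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN)


def audit(urls):
    """Return (url, reasons) for every request that breaks the expected behaviour."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        reasons = []
        if parts.scheme.lower() != "https":
            reasons.append("plaintext " + (parts.scheme or "unknown scheme"))
        if not host_allowed(parts.hostname):
            reasons.append("host outside *.brave.com")
        if reasons:
            findings.append((url, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for url, why in audit(SAMPLE_CAPTURE):
        print(f"FAIL {url}: {why}")
```

Matching on the dot-prefixed suffix rather than a bare substring keeps lookalike hosts such as notbrave.com from passing the check.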