"Your connection is not private" should allow a workaround #14216

Closed
097115 opened this issue Feb 17, 2021 · 32 comments

Comments


097115 commented Feb 17, 2021

Description

When encountering a privacy error, a user should be allowed to proceed anyway. Maybe this option to allow proceeding should be first enabled in settings or flags, but it still must exist.

Brave:
https://i.imgur.com/pdYLL8x.png

Firefox:
https://i.imgur.com/GFYbrmg.png

Version info:

Brave | 1.20.103 Chromium: 88.0.4324.152 (Official Build) (x86_64)
Revision | 6579930fc53b4dc589c042bec9d0a3778326974d-refs/branch-heads/4324@{#2106}
OS | OS X Version 10.11.6 (Build 15G22010)


ryanbr commented Feb 18, 2021

The warning in Brave is the same warning message as in Chrome. Not sure if we need to change it. (Testing the example https://flibusta.is/)

Author

097115 commented Feb 18, 2021

@ryanbr Thanks for your reply!

Unfortunately, I don't have Chrome installed. But are you telling me that with Chrome you really can't proceed to such sites, either? I mean, it's sort of embarrassing for a user to be unable to make their educated choice.


ryanbr commented Feb 18, 2021

How could the error message be improved, maybe a sample screenshot?

Author

097115 commented Feb 18, 2021

@ryanbr Didn't I provide one? :)

On the Firefox pic you can notice that despite having an error, you can still proceed to the website. Yes, there will be possible risks, but they are on you and you are making your educated decision.

Until recently, Brave (and Chrome) had the same opportunity. Now, Brave just informs the user about the error, and there's nothing one can do; users are simply forced to obey.


ryanbr commented Feb 19, 2021

> When encountering a privacy error, a user should be allowed to proceed anyway. Maybe this option to allow proceeding should be first enabled in settings or flags, but it still must exist.

You can proceed, there is a link provided. Clicking on the Advanced button, then clicking on Proceed to....(url). The only real difference between Brave and Firefox here is that Firefox will use a button and we use a text link.

brave-htps-process

Author

097115 commented Feb 19, 2021

@ryanbr

But I don't have this Proceed to flibusta.is (unsafe) link! I swear :) (And yes, it's exactly what I'm looking for.)

Here's another pic, and note that the scrollbar is at the very bottom, there's nothing more there:

Version 1.20.103 Chromium: 88.0.4324.152 (Official Build) (x86_64) (and it says it's up to date).

Author

097115 commented Feb 22, 2021

@ryanbr

As of version 1.20.108 Chromium: 88.0.4324.182 (Official Build) (x86_64), it still has no Proceed to....(url) link.

@rebron

No, it doesn't repro for me on Chrome, since Chrome seems to have this link:

So, it would be great if you guys indeed could update/check your Brave, and confirm this issue.

@alinposho

+1 to getting this fixed: I too do not have the option to Proceed to ... (unsafe) link in the Advanced section.

Version Info


Brave Version 1.20.108 Chromium: 88.0.4324.182 (Official Build) (64-bit)
OS: Linux Mint 20 Cinnamon 4.6.7, Linux Kernel: 5.4.0-66-generic

Author

097115 commented Feb 28, 2021

@ryanbr

I've just noticed that the same URL (same search request) returns different errors in Normal and Private (without Tor) windows. And Private indeed has the proceed to link, while Normal still doesn't (Version 1.20.110 Chromium: 88.0.4324.192 (Official Build) (x86_64))

Normal:

Private:

So, maybe that's the culprit then?

Collaborator

rebron commented May 7, 2021

https://flibusta.is/ Seems to have their cert error resolved.

Need to verify if this is still an issue with this error interstitial with another example.

Collaborator

rebron commented May 14, 2021

Closing. Please re-open if still not seeing the links to proceed.

Links do appear in Normal window. Tested on latest release channel.

Brave 1.24.85 Chromium: 90.0.4430.212 (Official Build) (arm64)
Revision e3cd97fc771b893b7fd1879196d1215b622c2bed-refs/branch-heads/4430@{#1429}
OS macOS Version 11.3 (Build 20E232)

screen_shot_2021-05-07_at_4 07 07_pm


knightian commented May 22, 2021

Please reopen,

When we access something hosted with self-signed certificates, so for example an OpenWRT router or any consumer modem/router's web GUI accessed over HTTPS, Brave does not allow me to proceed past the warning.

I have to switch to use literally any other browser except Brave to login and configure settings on the router etc.

It would appear that ERR_CERT_INVALID error is trying to be overly zealous about not letting the user continue on to an "unsafe" site. For public IP or FQDN this would make sense, but I think you should have a sanity check for private IPs and allow such proceeding on a private IP range. What happens currently is really stupid because it locks anyone out from trying to configure their modem or any such thing as that. DUMB!

Screenshot attached:

image

Here you can see it working fine in Firefox:

image

And here is the certificate for your reference:

Subject: OpenWrt

Issuer: OpenWrt

Expires on: 22 May 2023

Current date: 22 May 2021

PEM encoded chain:
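
The private-range check proposed in the comment above, as an added example that is not part of the thread and is not Brave or Chromium code; `classifyHost` and `overrideAllowed` are hypothetical names. It canonicalizes the host with the WHATWG URL parser before classifying, so alternate IPv4 spellings are judged by the address they denote, and it treats DNS names as not eligible because a name can resolve to any address.

```javascript
// Added example; classifyHost and overrideAllowed are hypothetical names.
// Ranges: RFC 1918 private, loopback, link-local, IPv6 unique local.

function classifyIPv4(o) {
  if (o[0] === 127) return 'loopback';                             // 127.0.0.0/8
  if (o[0] === 10) return 'private';                               // 10.0.0.0/8
  if (o[0] === 172 && o[1] >= 16 && o[1] <= 31) return 'private';  // 172.16.0.0/12
  if (o[0] === 192 && o[1] === 168) return 'private';              // 192.168.0.0/16
  if (o[0] === 169 && o[1] === 254) return 'link-local';           // 169.254.0.0/16
  return 'public';
}

function classifyIPv6(addr) {
  if (addr === '::1') return 'loopback';
  if (/^f[cd][0-9a-f]{2}:/.test(addr)) return 'private';     // fc00::/7
  if (/^fe[89ab][0-9a-f]:/.test(addr)) return 'link-local';  // fe80::/10
  return 'public'; // includes IPv4-mapped forms: fail closed
}

function classifyHost(host) {
  let name;
  try {
    // URL parsing canonicalizes the host (case, port, hex/octal IPv4).
    name = new URL('https://' + host + '/').hostname;
  } catch (err) {
    return 'invalid';
  }
  if (name.startsWith('[')) return classifyIPv6(name.slice(1, -1));
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(name);
  if (m) return classifyIPv4(m.slice(1).map(Number));
  return 'hostname'; // a DNS name can resolve to any address
}

function overrideAllowed(host) {
  return ['private', 'loopback', 'link-local'].includes(classifyHost(host));
}

// Constructed sample hosts.
for (const h of ['192.168.1.1', '0xC0A80101', '172.32.0.1', '[fd12:3456::1]', 'router.example']) {
  console.log(h.padEnd(16), classifyHost(h), overrideAllowed(h));
}
```
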


ryanbr commented May 22, 2021

Does it occur in Chrome also?

@knightian

> Does it occur in Chrome also?

Don't use chrome, won't use chrome.

It occurs in Brave, and needs to be fixed in Brave.


ryanbr commented May 23, 2021

If it's a Chrome issue, it should be reported there also. Not saying you permanently need to use Chrome; it gives us guidance on how to resolve this.

Probably related: https://bugs.chromium.org/p/chromium/issues/detail?id=1095820

@ashtonian

Please reopen - this happens with self-signed certificates. This is crucial for technical workflows; for example, I cannot set up my newly installed ESXi server through Brave.

The error message should also be clearer - in the case of self signed certificates, the connection is indeed encrypted aka private - but it cannot be validated or trusted.

Additionally, site settings -> "display insecure content" has no impact.

image


ashtonian commented Jul 15, 2021

Clicking in the window and typing thisisunsafe should work; it adds the site to the exception list.

@knightian

> Clicking in the window and typing thisisunsafe should work; it adds the site to the exception list.

And indeed it does. Thanks!

@Pablo-Camara

The above key worked, but I had no knowledge of it until after I found the solution myself (I had inspected the page and searched for "ignore", and then on the second occurrence I saw a relevant script there; I copied what was inside the if

  sendCommand(SecurityInterstitialCommandId.CMD_PROCEED);

pasted it into the console) and it allowed my local website!

But then I came across these last comments (thank you very much) and that also works.

@HyperCrowd

> Clicking in the window and typing thisisunsafe should work; it adds the site to the exception list.

Is there any way to make this ridiculously arcane and otherwise impossible-to-discover feature more readily available for web developers somehow?

@DeserranoJorden

This still does not have a workaround....


vvzvlad commented Apr 18, 2022

I maintain. I run a lot of Docker applications on my server and some of them run on HTTPS internally without a domain. It can't get a signed certificate and doesn't need to. But because of the Brave browser, I just can't accept that security is now my concern and just work like I can do in Chrome, Safari and so on. Terrible!!! Fix this!


Nascentes commented Jul 7, 2022

Latest release and this is STILL present. I've never seen a "Proceed..." link in the past 3 years of using Brave on my Mac.

Also someone above mentioned that "thisisunsafe" adds a site to a whitelist. That's not accurate. There are 6 or 7 sites I access on a daily basis for work that are "insecure" on the company intranet and every single day for every single one, I am typing "thisisunsafe" to actually get into the site.

How this has been here for at least 3 years is beyond me. Such a QOL fail. Can this be looked at again, please?

https://i.imgur.com/TskNzrP.png (this site I access multiple times a day, every day. All from a normal window. Or from incognito. Shouldn't matter though.)

@NiclasPe

I feel the pain. I'm a System-Administrator and want to use my new MacBook Pro with Brave, because it's my preferred Browser. But with this Bug, it is not really usable for that.

I'm looking forward to hearing from the Brave Team to fix it.


ryanbr commented Jul 25, 2022

A "fix" like this isn't a Brave issue; it should be addressed in Chromium. For security we wouldn't override this.

ref: https://bugs.chromium.org/p/chromium/issues/detail?id=1095820


NiclasPe commented Jul 25, 2022

> A "fix" like this isn't a Brave issue; it should be addressed in Chromium. For security we wouldn't override this.
>
> ref: https://bugs.chromium.org/p/chromium/issues/detail?id=1095820

OK, thanks for the quick answer. I will report it there too.

@knightian

> I feel the pain. I'm a System-Administrator and want to use my new MacBook Pro with Brave, because it's my preferred Browser. But with this Bug, it is not really usable for that.
>
> I'm looking forward to hearing from the Brave Team to fix it.

The “thisisunsafe” command allows us to override and is an acceptable workaround in my opinion. I think that the “thisisunsafe” command does need to be made known to the user better than it is today, however.

@NiclasPe

> > I feel the pain. I'm a System-Administrator and want to use my new MacBook Pro with Brave, because it's my preferred Browser. But with this Bug, it is not really usable for that.
> > I'm looking forward to hearing from the Brave Team to fix it.
>
> The “thisisunsafe” command allows us to override and is an acceptable workaround in my opinion. I think that the “thisisunsafe” command does need to be made known to the user better than it is today, however.

Do I have to write this on my keyboard or in the browser console?


knightian commented Jul 25, 2022

> > > I feel the pain. I'm a System-Administrator and want to use my new MacBook Pro with Brave, because it's my preferred Browser. But with this Bug, it is not really usable for that.
> > > I'm looking forward to hearing from the Brave Team to fix it.
> >
> > The “thisisunsafe” command allows us to override and is an acceptable workaround in my opinion. I think that the “thisisunsafe” command does need to be made known to the user better than it is today, however.
>
> Do I have to write this on my keyboard or in the browser console?

Click the page and just type "thisisunsafe". You won't see it typing the characters anywhere, but it auto-detects it and proceeds to the site.

I'm also on a mac, this command is a saviour ;)


vvzvlad commented Jul 25, 2022

> For security we wouldn't override this.

Adding a "go anyway" button, as it was in the original version before the Chromium team fixed it, does not affect security in any way: the user is still shown a message about an invalid certificate, they just stop being forced to write weird spells in the browser console. All you need to do is add a "go anyway, I understand the risks" button.

@NiclasPe

Since I tried this tip, the button appears on my Mac.
Thanks for the help!

> The above key worked, but I had no knowledge of it until after I found the solution myself (I had inspected the page and searched for "ignore", and then on the second occurrence I saw a relevant script there; I copied what was inside the if
>
>   sendCommand(SecurityInterstitialCommandId.CMD_PROCEED);
>
> pasted it into the console) and it allowed my local website!
>
> But then I came across these last comments (thank you very much) and that also works.


Dedger commented Feb 28, 2023

Hello, I have found an alternative approach to downloading the file.
Actually, I just copy the download link and send it to my Telegram "Saved Messages". After this action, I see the following situation:
image
