Remove unnecessary hosts from Brave index*.html CSP

Removes the following hosts from the connect-src directive:  https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com

These are not necessary to whitelist in CSP since they are only connected to from the main process, not the renderer process.

fix #12263

Test Plan:
1. automated test passes
2. Delete httpse.json, *.dat, and `Extensions/jdbefljfgobbmcidnmpjamcbhnbphjnb/` in your brave APP_DATA directory (ex: `/Users/yan/Library/Application Support/Brave`)
3. Build a package if not running from a pre-packaged version of brave: `CHANNEL=dev npm run build-package`
4. Open the packaged version of Brave
5. Click 'Check for updates' from the file menu. It should show that no updates are available instead of an error.
6. Make sure opening a PDF works
7. Make sure HTTPS Everywhere works using https://https-everywhere.badssl.com/

app/extensions/brave/index-dev.html

@@ -7,7 +7,7 @@
  <!-- TODO: Don't allow img-src *, needed for favicons -->
  <!-- TODO: Refactor away all unsafe-inline content -->
  <!-- TODO: Replace suggestqueries.google.com and ac.duckduckgo.com and other search engines with a single config search engine -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; script-src 'self' http://localhost:*; connect-src 'self' https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ http://localhost:* ws://localhost:* https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://ac.ecosia.org https://searx.me https://www.findx.com https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://brave-download.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com; style-src 'unsafe-inline'; font-src 'self' http://localhost:*; img-src 'self' * data: file: chrome-extension:; object-src 'self'; plugin-types application/browser-plugin">
+ <meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; script-src 'self' http://localhost:*; connect-src 'self' http://localhost:* ws://localhost:* https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://ac.ecosia.org https://searx.me https://www.findx.com; style-src 'unsafe-inline'; font-src 'self' http://localhost:*; img-src 'self' * data: file: chrome-extension:; object-src 'self'; plugin-types application/browser-plugin">
  <meta name="referrer" content="no-referrer">
  <title>Brave</title>
  <script src="ext/l20n.min.js"></script>

app/extensions/brave/index.html

@@ -7,7 +7,7 @@
  <!-- TODO: Don't allow img-src *, needed for favicons -->
  <!-- TODO: Refactor away all unsafe-inline content -->
  <!-- TODO: Replace suggestqueries.google.com and ac.duckduckgo.com and other search engines with a single config search engine -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; script-src 'self'; img-src * data: file: chrome-extension:; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://s3.amazonaws.com/adblock-data/ https://s3.amazonaws.com/safe-browsing-data/ https://s3.amazonaws.com/tracking-protection-data/ https://s3.amazonaws.com/https-everywhere-data/ https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://ac.ecosia.org https://searx.me https://www.findx.com https://brave-download.global.ssl.fastly.net https://brave-laptop-updates.global.ssl.fastly.net https://laptop-updates-pre.brave.com https://brave-laptop-updates-pre.brave.com; object-src 'self'; plugin-types application/browser-plugin"/>
+ <meta http-equiv="Content-Security-Policy" content="default-src 'none'; form-action http://localhost:*; script-src 'self'; img-src * data: file: chrome-extension:; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://suggestqueries.google.com https://ac.duckduckgo.com https://completion.amazon.com https://search.yahoo.com https://api.bing.com https://www.startpage.com https://infogalactic.com https://api.qwant.com https://ac.ecosia.org https://searx.me https://www.findx.com; object-src 'self'; plugin-types application/browser-plugin"/>
  <meta name="referrer" content="no-referrer">
  <title>Brave</title>
  <script src="ext/l20n.min.js"></script>

test/navbar-components/urlBarSuggestionsTest.js

@@ -254,4 +254,25 @@ describe('search suggestions', function () {
  })
  })
  })
+
+ it('Can load search suggestions from non-default search provider', function * () {
+ yield this.app.client.changeSetting(settings.DEFAULT_SEARCH_ENGINE, 'DuckDuckGo')
+ .newTab()
+ .waitForUrl(Brave.newTabUrl)
+ .windowByUrl(Brave.browserWindowUrl)
+ .waitForExist('[data-test-active-tab][data-frame-key="2"]')
+ .waitForElementFocus(urlInput)
+ const input = 'what is'
+ for (let i = 0; i < input.length; i++) {
+ yield this.app.client
+ .keys(input[i])
+ .pause(50)
+ }
+ yield this.app.client
+ .waitForVisible(urlBarSuggestions)
+ .keys(Brave.keys.DOWN)
+ .waitForExist(urlBarSuggestions + ' [data-test-id="list-item"][data-index="0"][data-test2-id="notSelected"]')
+ .keys(Brave.keys.ENTER)
+ .waitForInputText(urlInput, /duckduckgo.*\/.*q=what.+is/)
+ })
 })