Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[hackerone] Always show URL before onion redirects #34163

Closed
diracdeltas opened this issue Nov 7, 2023 · 3 comments · Fixed by brave/brave-core#20962
Closed

[hackerone] Always show URL before onion redirects #34163

diracdeltas opened this issue Nov 7, 2023 · 3 comments · Fixed by brave/brave-core#20962
Assignees
@boocmp
Labels
feature/tor OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include security
Milestone
1.62.x - Release

Comments

@diracdeltas
Copy link
Member

diracdeltas commented Nov 7, 2023
edited by fmarier
Loading

https://hackerone.com/reports/2239946 reported by newfunction

  1. Show the full URL that is about to be opened in a Tor window on mouseover over the "Open in Tor" button in the URL bar
  2. Change the "Automatically redirect .onion sites" setting so that redirects to an .onion happen automatically ONLY in Tor windows and not in normal or private windows (Automatically redirect .onion sites triggers from all window types. #15199 (comment))
  3. Change the settings description for the automatic onion redirect from:

Brave will switch to the .onion version of a website when available, and automatically open all .onion domains in a Tor window.

to:

In Tor windows, Brave will automatically switch to the .onion version of a website when available.

cc @fmarier
@diracdeltas diracdeltas added OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. feature/tor labels Nov 7, 2023
@diracdeltas diracdeltas mentioned this issue Nov 7, 2023
Closed
@boocmp boocmp self-assigned this Nov 8, 2023
@boocmp boocmp mentioned this issue Nov 13, 2023
Merged
25 tasks
@brave-builds brave-builds added this to the 1.62.x - Nightly milestone Nov 29, 2023
@stephendonner
Copy link

stephendonner commented Dec 6, 2023
edited
Loading

Verification PASSED using

Brave | 1.62.97 Chromium: 120.0.6099.56 (Official Build) beta (x86_64)
-- | --
Revision | 9561bb49dc23c407275af722586f045356609329
OS | macOS Version 11.7.10 (Build 20G1427)

Show the full URL as a tooltip in the Open in Tor button - PASSED

Steps:

  1. installed 1.62.97
  2. launched Brave
  3. loaded brave.com in a normal window/tab
  4. hovered over the Tor button/icon in the URL bar

Confirmed the full site URL is displayed as a tooltip, on hover

Screen Shot 2023-12-06 at 12 55 56 PM

Redirects to .onion sites happen automatically now only in Tor windows - PASSED

Preference ON - PASSED

Steps:

  1. installed 1.62.97
  2. launched Brave
  3. toggled Automatically redirect .onion sites to ON (defaults to OFF) in brave://settings/privacy
  4. opened a new-tab window
  5. loaded theguardian.com
  6. confirmed Tor button with tooltip of full site URL
  7. clicked on the Tor button
  8. repeated steps but with the various window types below

Normal window - PASSED

example example example
Screen Shot 2023-12-06 at 1 00 13 PM Screen Shot 2023-12-06 at 1 01 33 PM Screen Shot 2023-12-06 at 2 59 07 PM

Private Window with Tor - PASSED

example example example
Screen Shot 2023-12-06 at 1 00 13 PM Screen Shot 2023-12-06 at 1 50 17 PM Screen Shot 2023-12-06 at 1 50 10 PM

Private Window - PASSED

example example
Screen Shot 2023-12-06 at 1 00 13 PM Screen Shot 2023-12-06 at 1 56 52 PM

Guest-profile window - PASSED

Confirmed theguardian.com only loaded in the Guest profile window, not the .onion URL

example example
Screen Shot 2023-12-06 at 1 00 13 PM Screen Shot 2023-12-06 at 1 59 09 PM

Preference OFF - PASSED

  1. installed 1.62.97
  2. launched Brave
  3. opened a new-tab window
  4. loaded brave.com
  5. confirmed Tor button with tooltip of full site URL
  6. clicked on the Tor button
  7. repeated steps 3-6 but with the various window types below

Confirmed .onion version of brave.com loaded

Normal window - PASSED

example example example
Screen Shot 2023-12-06 at 2 24 02 PM Screen Shot 2023-12-06 at 2 25 54 PM Screen Shot 2023-12-06 at 2 26 30 PM

Private Window with Tor - PASSED

example example example
Screen Shot 2023-12-06 at 2 24 02 PM Screen Shot 2023-12-06 at 2 28 26 PM Screen Shot 2023-12-06 at 2 30 58 PM

Private Window - PASSED

example example example
Screen Shot 2023-12-06 at 2 24 02 PM Screen Shot 2023-12-06 at 2 31 27 PM Screen Shot 2023-12-06 at 2 31 34 PM

Guest-profile window - PASSED

Confirmed brave.com only loaded in the Guest profile window, not the .onion URL

example example
Screen Shot 2023-12-06 at 2 24 02 PM Screen Shot 2023-12-06 at 2 32 46 PM

Settings-description change for Automatically redirect .onion sites - PASSED

Steps:

  1. installed 1.62.97
  2. launched Brave
  3. opened brave://settings/privacy
  4. confirmed the descriptive text for Automatically redirect .onion sites reads, "In Tor windows, Brave will automatically switch to the .onion version of a website when available."
Screen Shot 2023-12-06 at 12 47 40 PM

@stephendonner stephendonner added QA/In-Progress Indicates that QA is currently in progress for that particular issue QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Dec 6, 2023
@MadhaviSeelam
Copy link

Verification PASSED using

Brave | 1.62.99 Chromium: 120.0.6099.62 (Official Build) beta (64-bit)
-- | --
Revision | 0f3e892de210168e788b3418961f94c4d0c5942a
OS | Windows 11 Version 22H2 (Build 22621.2715)

Show the full URL as a tooltip in the Open in Tor button - PASSED

Steps:

  1. installed 1.62.99
  2. launched Brave
  3. loaded brave.com in a normal window/tab
  4. hovered over the Tor button/icon in the URL bar

Confirmed the full site URL is displayed as a tooltip, on hover

image

Redirects to .onion sites happen automatically now only in Tor windows - PASSED

Preference ON - PASSED

Steps:

  1. installed 1.62.99
  2. launched Brave
  3. toggled Automatically redirect .onion sites to ON (defaults to OFF) in brave://settings/privacy
  4. opened a new-tab window
  5. loaded nytimes.com
  6. confirmed Tor button with tooltip of full site URL
  7. clicked on the Tor button
  8. repeated steps but with the various window types below

Normal window - PASSED

example example example
image image image

####Private Window with Tor - PASSED

example example example
image image image

Private Window - PASSED

example example
image image

Guest-profile window - PASSED

Confirmed nytimes.com only loaded in the Guest profile window, not the .onion URL

example example
image image

Preference OFF - PASSED

  1. installed 1.62.99
  2. launched Brave
  3. opened a new-tab window
  4. loaded brave.com
  5. confirmed Tor button with tooltip of full site URL
  6. clicked on the Tor button
  7. repeated steps 3-6 but with the various window types below

Confirmed .onion version of brave.com loaded

Normal window - PASSED

example example example
image image image

Private Window with Tor - PASSED

example example example
image image image

Private Window - PASSED

example example example
image image image

Guest-profile window - PASSED

Confirmed brave.com only loaded in the Guest profile window, not the .onion URL

example example
image image

Settings-description change for Automatically redirect .onion sites - PASSED

Steps:

  1. installed 1.62.99
  2. launched Brave
  3. opened brave://settings/privacy
  4. confirmed the descriptive text for Automatically redirect .onion sites reads, "In Tor windows, Brave will automatically switch to the .onion version of a website when available."
image

@LaurenWags LaurenWags added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Dec 19, 2023
@LaurenWags
Copy link
Member

LaurenWags commented Dec 19, 2023
edited
Loading

Verified with

Brave	1.62.112 Chromium: 120.0.6099.115 (Official Build) beta (64-bit) 
Revision	ae1e179b9884b2de2f4ba0bdea7da3beaad93ffa
OS	Linux

Show the full URL as a tooltip in the Open in Tor button - PASSED

Steps:

  1. installed 1.62.x
  2. launched Brave
  3. loaded brave.com in a normal window/tab
  4. hovered over the Tor button/icon in the URL bar

Confirmed the full site URL is displayed as a tooltip, on hover

1

Redirects to .onion sites happen automatically now only in Tor windows - PASSED

Preference ON - PASSED

Steps:

  1. installed 1.62.x
  2. launched Brave
  3. toggled Automatically redirect .onion sites to ON (defaults to OFF) in brave://settings/privacy
  4. opened a new-tab window
  5. loaded nytimes.com
  6. confirmed Tor button with tooltip of full site URL
  7. clicked on the Tor button
  8. repeated steps but with the various window types below

Normal window - PASSED

example example example
1 2 3

Private Window - PASSED

example example example
1 2 3

Private Window with Tor - PASSED

example example example example
1 2 3 4

Guest-profile window - PASSED

Confirmed nytimes.com only loaded in the Guest profile window, not the .onion URL

example example
1 2

Preference OFF - PASSED

  1. installed 1.62.x
  2. launched Brave
  3. opened a new-tab window
  4. loaded brave.com
  5. confirmed Tor button with tooltip of full site URL
  6. clicked on the Tor button
  7. repeated steps 3-6 but with the various window types below

Normal window - PASSED

example example example
1 2 3

Private Window - PASSED

example example example
1 2 3

Private Window with Tor - PASSED

example example example
1 2 3

Guest-profile window - PASSED

Confirmed brave.com only loaded in the Guest profile window, not the .onion URL

example example
1 2

Settings-description change for Automatically redirect .onion sites - PASSED

Steps:

  1. installed 1.62.x
  2. launched Brave
  3. opened brave://settings/privacy
  4. confirmed the descriptive text for Automatically redirect .onion sites reads, "In Tor windows, Brave will automatically switch to the .onion version of a website when available."
Screenshot 2023-12-19 at 10 46 15 AM

@LaurenWags LaurenWags added QA Pass-Linux and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Dec 19, 2023
@LaurenWags LaurenWags mentioned this issue Jan 24, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@boocmp boocmp

Labels
feature/tor OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include security
Projects
Tor and Private Windows
Status: Completed
Milestone
1.62.x - Release
Development

Successfully merging a pull request may close this issue.

Auto redirect .onion url only in Tor windows. brave/brave-core
6 participants
@stephendonner @diracdeltas @LaurenWags @brave-builds @boocmp @MadhaviSeelam