Merge pull request #26781 from brave/privacy/ios-fix-http-in-https-only

fix(privacy): Fix iOS HTTPs upgrade failure
brave · Nov 28, 2024 · 3f36e9a · 3f36e9a
2 parents 93c99f8 + 73c3472
commit 3f36e9a
Showing 1 changed file with 22 additions and 13 deletions.
diff --git a/...e-ios/Sources/Brave/Frontend/Browser/BrowserViewController/BVC+WKNavigationDelegate.swift b/...e-ios/Sources/Brave/Frontend/Browser/BrowserViewController/BVC+WKNavigationDelegate.swift
@@ -1093,17 +1093,6 @@ extension BrowserViewController: WKNavigationDelegate {
   ) {
     guard let tab = tab(for: webView) else { return }
 
-    // Handle invalid upgrade to https
-    if let responseURL = webView.url,
-      let response = handleInvalidHTTPSUpgrade(
-        tab: tab,
-        responseURL: responseURL
-      )
-    {
-      tab.loadRequest(response)
-      return
-    }
-
     // Ignore the "Frame load interrupted" error that is triggered when we cancel a request
     // to open an external application and hand it over to UIApplication.openURL(). The result
     // will be that we switch to the external app, for example the app store, while keeping the
@@ -1130,6 +1119,18 @@ extension BrowserViewController: WKNavigationDelegate {
     }
 
     if let url = error.userInfo[NSURLErrorFailingURLErrorKey] as? URL {
+      // Check for invalid upgrade to https
+      if url.scheme == "https",  // verify failing url was https
+        let response = handleInvalidHTTPSUpgrade(
+          tab: tab,
+          responseURL: url
+        )
+      {
+        // load original or strict mode interstitial
+        tab.loadRequest(response)
+        return
+      }
+
       ErrorPageHelper(certStore: profile.certStore).loadPage(error, forUrl: url, inWebView: webView)
 
       // Submitting same erroneous URL using toolbar will cause progress bar get stuck
@@ -1846,6 +1847,15 @@ extension BrowserViewController: WKUIDelegate {
     if shouldUpgradeToHttps(url: requestURL, isPrivate: tab.isPrivate),
       var urlComponents = URLComponents(url: requestURL, resolvingAgainstBaseURL: true)
     {
+      if let existingUpgradeRequestURL = tab.upgradedHTTPSRequest?.url,
+        existingUpgradeRequestURL == requestURL
+      {
+        // if server redirected https -> http, https load never fails.
+        // `webView(_:decidePolicyFor:preferences:)` will be called before
+        // `webView(_:didReceiveServerRedirectForProvisionalNavigation:)`
+        // so we must prevent upgrade loop.
+        return handleInvalidHTTPSUpgrade(tab: tab, responseURL: requestURL)
+      }
       // Attempt to upgrade to HTTPS
       urlComponents.scheme = "https"
       if let upgradedURL = urlComponents.url {
@@ -1891,8 +1901,7 @@ extension BrowserViewController: WKUIDelegate {
   /// or show the interstitial page
   private func handleInvalidHTTPSUpgrade(tab: Tab, responseURL: URL) -> URLRequest? {
     // Handle invalid upgrade to https
-    guard responseURL.scheme == "https",
-      let originalRequest = tab.upgradedHTTPSRequest,
+    guard let originalRequest = tab.upgradedHTTPSRequest,
       let originalURL = originalRequest.url,
       responseURL.baseDomain == originalURL.baseDomain
     else {