Split HTTP auth cache by NetworkIsolationKey

This feature will partition the server entries in the cache using top frame origin (and also possibly the subframe origin) to prevent sites from using this cache to track users across sites.

Currently, there's a per-profile cache of HTTP auth credentials. Per-origin HTTP auth credentials can be added to the auth cache either by embedding them in a URL, or by obtaining them from a user.  Credentials that are successfully used once are added to the cache.  Once in the cache, these credentials are automatically sent without user input.  This feature will partition the server entries in the cache using top frame origin (and also possibly the subframe origin) to prevent sites from using this cache to track users across sites. Proxy auth credentials will not be affected by this change - proxy credentials entered to load one top level site will automatically be used for others as well.

Documentation

Status in Chromium

Internals>Network>Auth


Behind a flag (tracking bug) in:

  • Chrome for desktop release 80
  • Chrome for Android release 80

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No public signals
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2019-11-01