Split HTTP auth cache by NetworkIsolationKey

This feature will partition the server entries in the cache using top frame origin (and also possibly the subframe origin) to prevent sites from using this cache to track users across sites.

Motivation

Currently, there's a per-profile cache of HTTP auth credentials. Per-origin HTTP auth credentials can be added to the auth cache either by embedding them in a URL, or by obtaining them from a user.  Credentials that are successfully used once are added to the cache.  Once in the cache, these credentials are automatically sent without user input.  This feature will partition the server entries in the cache using top frame origin (and also possibly the subframe origin) to prevent sites from using this cache to track users across sites. Proxy auth credentials will not be affected by this change - proxy credentials entered to load one top level site will automatically be used for others as well.

Documentation

Status in Chromium

Internals>Network>Auth


In developer trial (Behind a flag) (tracking bug) in:

  • Chrome for desktop release 80
  • Chrome for Android release 80

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signal
  • No signals

Owner

Search tags

HTTP auth, auth, authentication,

Last updated on 2020-10-25