Intent to Implement: Double-keyed HTTP cache

Summary:

Currently, browsers are vulnerable to cache-timing attacks, commonly
referred to as XS Leaks attacks. Starting with Firefox 70 we want to
explore a double-keyed HTTP cache. Instead of solely using the origin of
the resource, we will double-key the HTTP cache using the top-level origin.
Using the top-level origin as the second key in the HTTP cache allows us to
counter XS Leaks and eliminates the ability to check cache contents
across origins.

Bug:                  Bugzilla 1536058 <https://bugzilla.mozilla.org/show_bug.cgi?id=1536058>

Standard:             https://github.com/whatwg/fetch/issues/904

Platform coverage:         all platforms

Estimated or target release:     Firefox 70

Preference:             The feature will be pref'd behind
“browser.cache.cache_isolation” and disabled by default.

Other browsers:

WebKit: shipped

Chrome <https://bugs.chromium.org/p/chromium/issues/detail?id=910708>: implementing

web-platform-tests:         <none yet>

Secure contexts:          This feature isn’t restricted to Secure Contexts.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
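
A toy model of the keying change described in the summary, added here as an illustration; it is not part of the original post and is not Firefox's cache code. The class, the function names and the example URLs are assumptions, and the `isolate` flag only stands in for the preference being on or off.

```javascript
// Toy model of an HTTP cache (hypothetical names; not Firefox code).
class HttpCacheModel {
  constructor(isolate) {
    this.isolate = isolate;    // models the cache isolation pref being on/off
    this.entries = new Map();
  }

  // Single-keyed: the resource URL alone.
  // Double-keyed: the top-level origin plus the resource URL.
  key(topLevelUrl, resourceUrl) {
    const resource = new URL(resourceUrl).href;
    if (!this.isolate) return resource;
    return JSON.stringify([new URL(topLevelUrl).origin, resource]);
  }

  // Returns "hit" or "miss"; a miss stores the response, as a network fetch would.
  fetch(topLevelUrl, resourceUrl) {
    const k = this.key(topLevelUrl, resourceUrl);
    if (this.entries.has(k)) return "hit";
    this.entries.set(k, { storedAt: Date.now() });
    return "miss";
  }
}

// Constructed scenario: pages on a.example load a resource, then a page on
// b.example requests the same resource and observes hit or miss.
function crossSiteObservation(isolate) {
  const cache = new HttpCacheModel(isolate);
  const resource = "https://cdn.example/logo.png";
  const first = cache.fetch("https://a.example/page", resource);
  const sameSiteRepeat = cache.fetch("https://a.example/other", resource);
  const crossSite = cache.fetch("https://b.example/", resource);
  return { first, sameSiteRepeat, crossSite, entries: cache.entries.size };
}

console.log("single-keyed:", crossSiteObservation(false));
console.log("double-keyed:", crossSiteObservation(true));
```

With the second key in place, the request made under b.example no longer reveals what a.example loaded, at the cost of one stored entry per top-level origin.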
