Intent to Implement- Double-keyed HTTP cache


Currently Browsers are vulnerable to cache-timing attacks, commonly
referred to as XS Leaks attacks. Starting with Firefox 70 we want to
explore a double-keyed HTTP cache. Instead of solely using the origin of
the resource, we will double key the HTTP Cache using the top-level origin.
Using the top-level origin as the 2nd Key in the HTTP Cache allows to
counterfeit XS Leaks and eliminates the ability of checking cache contents
across Origins.

Bug:                  Bugzilla 1536058


Platform coverage:         all platforms

Estimated or target release:     Firefox 70

Preference:             The feature will be pref'd behind

     and disabled by default.

Other browsers:

webkit: shipped

Chrome <>:

web-platform-tests:         <none yet>

Secure contexts:          This feature isn’t restricted to Secure Contexts.
Estimated or target release:     Firefox 70
dev-platform mailing list

Reply via email to