No, my testing was not via XHR/fetch. Just direct request from the browser. I was making the assumption (maybe foolishly) that it wouldn't impact behavior because it's all at the network layer.
I saw that Firefox setting but left the default (at least for my install), which was not to autopick. On Tue, Jan 8, 2019 at 10:30 PM David Waite <da...@alkaline-solutions.com> wrote: > > Was your testing via XHR/fetch? > > FWIW, > > Firefox behavior is determined by a global pick automatically / prompt > every time flag. Details at https://wiki.mozilla.org/PSM:CertPrompt > > Safari on macOS relies on the keychain, where a record is created called > an Identity Preference. This is a URL (https or email) to preferred > certificate mapping. Previously, it would create this record the first time > a user selected a certificate, then never prompt again. > > Chrome seems to delegate to the underlying OS for certificate management, > so on the Mac it has this behavior as well. This means however that other > platforms may have different behaviors. > > Safari on iOS used to automatically select a single certificate match, if > the query was for a single client CA. I didn’t try with other small numbers > (2, 3, etc) but when exposing the list of all available CAs as valid client > CAs, it would prompt. This may not be the heuristic anymore, as knowing the > name of a client CA (such one issued as part of a cloud EMM deployment) > would allow certificates to be used for tracking. > > IE (pre-edge) would allow the behavior to use an automatic cert or prompt > to be configured per-zone, which would allow policy to send a device/user > identification certificate to a particular set of sites by default. I have > no experience with configuring Edge, unfortunately. > > -DW > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
