Currently the WebProcess talks to libsecret for HTTP credentials. This is unacceptable and needs to be proxied through the UI layer which can limit password access by origin. See also how this was handled in Epiphany: https://gitlab.gnome.org/GNOME/epiphany/commit/68b0f85747a177047a7b49d839895aad54b05309
As part of this I want to rework how credentials are saved. Give the application a signal so it can save credentials in its own way. E.g. Epiphany should be able to put WebKitGTK+ passwords with all the user's Epiphany passwords. It doesn't make sense that just the few HTTP auth passwords are separated.
We've decided to trust the NetworkProcess for now and not sandbox it so this no longer applies.