We should fail the HTTP authentication silently for sub-resources instead of prompting the user for credentials. Internal PR: 160859. There's another upstreaming Bug: https://bugs.webkit.org/show_bug.cgi?id=91964 which tries to introduce an "webkitBackgroundRequest" attribute to make XHR fail silently, but that idea is not approved. The right solution is just fail silently unconditionally for sub-resources.
Created attachment 156614 [details] Patch
Comment on attachment 156614 [details] Patch Determined in offline discussion that this is a bit dangerous to do just yet.
Created attachment 156742 [details] New approach
Comment on attachment 156742 [details] New approach LGTM
(In reply to comment #4) > (From update of attachment 156742 [details]) > LGTM Based on our offline discussion, do you still believe so?
(In reply to comment #5) > (In reply to comment #4) > > (From update of attachment 156742 [details] [details]) > > LGTM > > Based on our offline discussion, do you still believe so? Yep.
Comment on attachment 156742 [details] New approach Ok.
Comment on attachment 156742 [details] New approach Clearing flags on attachment: 156742 Committed r124894: <http://trac.webkit.org/changeset/124894>
All reviewed patches have been landed. Closing bug.