Invalidate credentials if the server rejects them.

net/http/http_auth.h

Index: net/http/http_auth.h
diff --git a/net/http/http_auth.h b/net/http/http_auth.h
index ef779a12948ac0b6a2dddf63722e5e6483690cbd..a8a27e3155e23770fcfc428ab7a84002af02c2d2 100644
--- a/net/http/http_auth.h
+++ b/net/http/http_auth.h
@@ -161,6 +161,21 @@ class HttpAuth {
       const std::set<Scheme>& disabled_schemes,
       std::string* challenge_used);
 
+  // Check whether cached credentials should be invalidated following
+  // a rejected pre-emptive authentication attempt.
+  //
+  // |headers| must be non-NULL and contain the new HTTP response.
+  //
+  // |target| specifies whether the authentication challenge response
+  // came from a proxy or a server.
+  //
+  // |handler| must be non-NULL and specifies the handler used to
+  // generate the preemptive authentication header.
+  static bool ShouldInvalidateRejectedAuth(
+      const HttpResponseHeaders* headers,
+      Target target,
+      HttpAuthHandler* handler);
+
   // Breaks up a challenge string into the the auth scheme and parameter list,
   // according to RFC 2617 Sec 1.2:
   //    challenge = auth-scheme 1*SP 1#auth-param