Thanks for filing the issue...

@reporter: Could you please provide sample URL that reproduces the issue so that it would be really helpful in triaging the issue.

Not sure if CORS is at all relevant here, though leaving the label, just in case Adam knows something I don't.

Can you include the variations from chrome://variations ?

Adding back CORS. The issue is that Chrome 'used' to violate the CORS spec by sending client certs on anonymous requests (and may have involved prompting). It's unclear whether this was intentional change in spec conformance or something else.

It's also possible that the same thing is affecting b/120149384 (on an internal Google site). A net log has been provided on that bug thread.

Please include a NetLog as per https://www.chromium.org/for-testers/providing-network-details 

I built a test server that always requires a client cert (but will accept any), and on requests to /xhr_test will send an Access-Control-Allow-Origin header with value *. On a separate origin (scheme was file - I didn't bother spinning up a webserver), I loaded a page that made an XHR request to that endpoint. In both 72.0.3610.2 and 72.0.3622.0 (debug builds, fresh profiles), I got the certificate selector pop-up, and the XHR was successful. I tested 72.0.3622.0 with the network service enabled and disabled.

I searched through the git log of revisions between 72.0.3610.2 and 72.0.3622.0 for "cert" to see if there's anything obvious that might affect this. https://chromium-review.googlesource.com/c/chromium/src/+/1290435 is related to client certs, but without a repro I don't know whether it's related to this issue.

OP: Please include a net log as per comment #9 or we'll have to close this bug.

Archived due to lack of activity. Please feel free to reopen when you have net logs collected which is requested in comment #9.