commit | 8574b4d96720361e495573ac5868f845017f7aa7 | [log] [tgz] |
---|---|---|
author | mkwst <mkwst@chromium.org> | Mon Mar 27 10:07:10 2017 |
committer | Commit bot <commit-bot@chromium.org> | Mon Mar 27 10:07:10 2017 |
tree | 88da4d775c99914836cbac680a1acac6f9078620 | |
parent | 4a6245e626500c412e86e74e110542d33408e679 [diff] |
Block subresource requests whose URLs include credentials. Usage of the `http://user:pass@host/` pattern has [declined significantly in the last few years][1]. We've taken steps in this direction in the past (see the discussion in https://crbug.com/174179 and https://crbug.com/303046). My hope is that usage has decreased in the last ~2 years to the point where it makes sense to try again. Intent: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lx-U_JR2BF0 [1]: https://www.chromestatus.com/metrics/feature/timeline/popularity/532 BUG=504300,435547 Review-Url: https://codereview.chromium.org/2651943002 Cr-Commit-Position: refs/heads/master@{#459737}