We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:hunter2@example.com/yay.tiff"). Such resources would be handled as network errors.

Specification

Specification link


Proposal in a personal repository, no adoption from community

Status in Chromium

Blink


Removed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signal
  • No signals

Owners

Last updated on 2020-11-09