← Back to release summary
Drop support for embedded credentials in subresource requests.
- Category
- Network / Connectivity
- Type
- New or changed feature
- Status
- Removed (Chrome 59)
- Intent stage
- None
Summary
We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:hunter2@example.com/yay.tiff"). Such resources would be handled as network errors.
Standards & signals
View on chromestatus.com