Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(102)

Issue 2651943002: Block subresource requests whose URLs include credentials. (Closed)

Created:
3 years, 11 months ago by Mike West
Modified:
3 years, 9 months ago
CC:
blink-reviews, chromium-reviews, gavinp+loader_chromium.org, Nate Chapin, loading-reviews_chromium.org, tyoshino+watch_chromium.org, Yoav Weiss
Target Ref:
refs/heads/master
Project:
chromium
Visibility:
Public.

Description

Block subresource requests whose URLs include credentials. Usage of the `http://user:pass@host/` pattern has [declined significantly in the last few years][1]. We've taken steps in this direction in the past (see the discussion in https://crbug.com/174179 and https://crbug.com/303046). My hope is that usage has decreased in the last ~2 years to the point where it makes sense to try again. Intent: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lx-U_JR2BF0 [1]: https://www.chromestatus.com/metrics/feature/timeline/popularity/532 BUG=504300, 435547 Review-Url: https://codereview.chromium.org/2651943002 Cr-Commit-Position: refs/heads/master@{#459737} Committed: https://chromium.googlesource.com/chromium/src/+/8574b4d96720361e495573ac5868f845017f7aa7

Patch Set 1 #

Patch Set 2 : runtime #

Patch Set 3 : Compile first, then upload... #

Patch Set 4 : Tests. #

Patch Set 5 : Test. #

Patch Set 6 : Rebase. #

Patch Set 7 : Tests. #

Patch Set 8 : Test. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+154 lines, -248 lines) Patch
M third_party/WebKit/LayoutTests/TestExpectations View 1 2 3 4 5 6 7 1 chunk +4 lines, -0 lines 0 comments Download
A third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-event-redirect.https-expected.txt View 1 2 3 4 5 6 1 chunk +57 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/cachestorage/resources/credentials-iframe.html View 1 2 3 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/cachestorage/serviceworker/credentials.html View 1 2 3 1 chunk +4 lines, -4 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/thorough/redirect-password.js View 1 5 chunks +15 lines, -44 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/inspector/network/network-xhr-replay.html View 1 2 3 4 5 6 1 chunk +8 lines, -8 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/inspector/network/network-xhr-replay-expected.txt View 1 2 3 4 5 6 2 chunks +8 lines, -9 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html View 1 2 3 4 5 6 1 chunk +6 lines, -9 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password-expected.txt View 1 2 3 4 5 6 1 chunk +0 lines, -1 line 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/security/resources/post-location-to-opener.html View 1 2 3 4 5 6 1 chunk +3 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-access-control.php View 1 2 3 1 chunk +6 lines, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-access-control-login.html View 1 2 3 4 1 chunk +12 lines, -12 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt View 1 2 3 4 5 6 1 chunk +0 lines, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/failed-auth.html View 1 2 3 4 5 6 2 chunks +6 lines, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/failed-auth-expected.txt View 1 2 3 4 5 6 1 chunk +3 lines, -3 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/logout.html View 1 2 3 4 5 6 1 chunk +0 lines, -56 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/logout-expected.txt View 1 2 3 4 5 6 1 chunk +0 lines, -9 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth.php View 1 2 3 4 5 6 1 chunk +8 lines, -4 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/null-auth-expected.txt View 1 2 3 4 5 6 1 chunk +4 lines, -3 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/remember-bad-password.html View 1 2 3 4 5 6 1 chunk +0 lines, -68 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/remember-bad-password-expected.txt View 1 2 3 4 5 6 1 chunk +0 lines, -13 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/workers/referer-expected.txt View 1 2 3 4 5 6 1 chunk +0 lines, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/workers/resources/referer-test.js View 1 2 3 4 5 6 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/Source/core/loader/FrameFetchContext.cpp View 1 2 3 4 5 1 chunk +4 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5 View 1 2 3 4 5 1 chunk +4 lines, -0 lines 0 comments Download

Messages

Total messages: 42 (38 generated)
Mike West
WDYT about this, Jochen? Basically the same as the FTP one.
3 years, 10 months ago (2017-02-22 09:42:40 UTC) #19
jochen (gone - plz use gerrit)
lgtm
3 years, 10 months ago (2017-02-24 15:55:47 UTC) #23
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2651943002/140001
3 years, 9 months ago (2017-03-27 10:02:05 UTC) #38
commit-bot: I haz the power
3 years, 9 months ago (2017-03-27 10:08:03 UTC) #42
Message was sent while issue was closed.
Committed patchset #8 (id:140001) as
https://chromium.googlesource.com/chromium/src/+/8574b4d96720361e495573ac5868...

Powered by Google App Engine
This is Rietveld 408576698