Block subresource requests whose URLs include credentials.

Block subresource requests whose URLs include credentials.

Usage of the `http://user:pass@host/` pattern has [declined significantly
in the last few years][1]. We've taken steps in this direction in the past
(see the discussion in https://crbug.com/174179 and
https://crbug.com/303046). My hope is that usage has decreased in the last
~2 years to the point where it makes sense to try again.

Intent: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lx-U_JR2BF0

[1]: https://www.chromestatus.com/metrics/feature/timeline/popularity/532

BUG=504300, 435547
Review-Url: https://codereview.chromium.org/2651943002
Cr-Commit-Position: refs/heads/master@{#459737}
Committed: https://chromium.googlesource.com/chromium/src/+/8574b4d96720361e495573ac5868f845017f7aa7

[Mike West, 2017-01-24 11:58:44]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-01-24 11:58:52]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-01-24 12:31:09]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-01-24 12:31:10]

Dry run: Try jobs failed on following builders:
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)

[Mike West, 2017-02-20 09:56:46]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-20 09:56:57]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-20 10:17:13]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-20 10:17:14]

Dry run: Try jobs failed on following builders:
  chromeos_amd64-generic_chromium_compile_only_ng on
master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_amd64-...)
  linux_chromium_tsan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Mike West, 2017-02-20 10:34:17]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-20 10:34:48]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-20 11:55:15]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-20 11:55:16]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Mike West, 2017-02-21 10:00:25]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-21 10:00:37]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-21 11:13:03]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-21 11:13:04]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Mike West, 2017-02-22 09:42:07]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[Mike West, 2017-02-22 09:42:39]

mkwst@chromium.org changed reviewers:
+ jochen@chromium.org

[Mike West, 2017-02-22 09:42:40]

WDYT about this, Jochen? Basically the same as the FTP one.

[commit-bot: I haz the power, 2017-02-22 09:42:48]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-22 11:52:25]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-22 11:52:26]

Dry run: Try jobs failed on following builders:
  win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[jochen (gone - plz use gerrit), 2017-02-24 15:55:47]

lgtm

[Mike West, 2017-03-24 08:14:46]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-24 08:15:09]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-24 09:24:53]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-24 09:24:54]

Dry run: Try jobs failed on following builders:
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Mike West, 2017-03-24 13:50:02]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-24 13:50:20]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-24 15:13:54]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-24 15:13:55]

Dry run: Try jobs failed on following builders:
  linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[Mike West, 2017-03-27 07:57:53]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-27 07:58:05]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-27 09:36:05]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-27 09:36:06]

Dry run: This issue passed the CQ dry run.

[Mike West, 2017-03-27 10:01:49]

The CQ bit was checked by mkwst@chromium.org

[Mike West, 2017-03-27 10:01:49]

The patchset sent to the CQ was uploaded after l-g-t-m from jochen@chromium.org
Link to the patchset: https://codereview.chromium.org/2651943002/#ps140001
(title: "Test.")

[commit-bot: I haz the power, 2017-03-27 10:02:05]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2017-03-27 10:03:20]

Description was changed from

==========
Block subresource requests whose URLs include credentials.

Usage of the `http://user:pass@host/` pattern has [declined significantly
in the last few years][1]. We've taken steps in this direction in the past
(see the discussion in https://crbug.com/174179 and
https://crbug.com/303046). My hope is that usage has decreased in the last
~2 years to the point where it makes sense to try again.

Intent:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lx-U_JR2BF0

[1]: https://www.chromestatus.com/metrics/feature/timeline/popularity/532

BUG=435547
==========

to

==========
Block subresource requests whose URLs include credentials.

Usage of the `http://user:pass@host/` pattern has [declined significantly
in the last few years][1]. We've taken steps in this direction in the past
(see the discussion in https://crbug.com/174179 and
https://crbug.com/303046). My hope is that usage has decreased in the last
~2 years to the point where it makes sense to try again.

Intent:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lx-U_JR2BF0

[1]: https://www.chromestatus.com/metrics/feature/timeline/popularity/532

BUG=504300,435547
==========

[commit-bot: I haz the power, 2017-03-27 10:07:16]

CQ is committing da patch.

Bot data: {"patchset_id": 140001, "attempt_start_ts": 1490608909165250,
"parent_rev": "4a6245e626500c412e86e74e110542d33408e679", "commit_rev":
"8574b4d96720361e495573ac5868f845017f7aa7"}

[commit-bot: I haz the power, 2017-03-27 10:08:01]

Description was changed from

==========
Block subresource requests whose URLs include credentials.

Usage of the `http://user:pass@host/` pattern has [declined significantly
in the last few years][1]. We've taken steps in this direction in the past
(see the discussion in https://crbug.com/174179 and
https://crbug.com/303046). My hope is that usage has decreased in the last
~2 years to the point where it makes sense to try again.

Intent:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lx-U_JR2BF0

[1]: https://www.chromestatus.com/metrics/feature/timeline/popularity/532

BUG=504300,435547
==========

to

==========
Block subresource requests whose URLs include credentials.

Usage of the `http://user:pass@host/` pattern has [declined significantly
in the last few years][1]. We've taken steps in this direction in the past
(see the discussion in https://crbug.com/174179 and
https://crbug.com/303046). My hope is that usage has decreased in the last
~2 years to the point where it makes sense to try again.

Intent:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/lx-U_JR2BF0

[1]: https://www.chromestatus.com/metrics/feature/timeline/popularity/532

BUG=504300,435547

Review-Url: https://codereview.chromium.org/2651943002
Cr-Commit-Position: refs/heads/master@{#459737}
Committed:
https://chromium.googlesource.com/chromium/src/+/8574b4d96720361e495573ac5868...
==========

[commit-bot: I haz the power, 2017-03-27 10:08:03]

Committed patchset #8 (id:140001) as
https://chromium.googlesource.com/chromium/src/+/8574b4d96720361e495573ac5868...