Block subresource requests whose URLs include credentials.

third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html

Index: third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html b/third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html
index 74f7decd88dabe26e7c47cf0c0cdc99c1b5ae3d7..87fc32b9652e579a3c1da161d08a66a04e7093f7 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/location-href-clears-username-password.html
@@ -8,23 +8,20 @@ window.onload = function()
     {
         testRunner.dumpAsText();
         testRunner.waitUntilDone();
+        testRunner.setCanOpenWindows(true);
     }
 
-    var div = document.getElementById('div1');
-    var frame = document.createElement('iframe');
-    frame.setAttribute('src', 'http://_username:_password@' 
-        + location.host + '/security/resources/blank.html');
-    document.body.appendChild(frame);
-
-    frame.onload = function() {
-        var href = frame.contentWindow.location.href;
+    window.addEventListener("message", e => {
+        var href = e.data.location;
         if (href.indexOf('_username') === -1 &&
             href.indexOf('_password') === -1) {
             alert('PASS');
         }
         if (window.testRunner)
             testRunner.notifyDone();
-    }
+    });
+
+    var w = window.open('http://_username:_password@127.0.0.1:8000/security/resources/post-location-to-opener.html');
 }
 </script>
 </head>