Enable blocking of subresource requests whose URLs include credentials.

content/public/common/content_features.cc

Index: content/public/common/content_features.cc
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
index a7fcfae51462d1352f3224029136210965ec8dd0..3c53154fbb617fadd462716e2253118d358fbed4 100644
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -14,6 +14,11 @@ namespace features {
 const base::Feature kAsmJsToWebAssembly{"AsmJsToWebAssembly",
                                         base::FEATURE_DISABLED_BY_DEFAULT};
 
+// Block subresource requests whose URLs contain embedded credentials (e.g.
+// `https://user:pass@example.com/resource`).
+const base::Feature kBlockCredentialedSubresources{
+    "BlockCredentialedSubresources", base::FEATURE_ENABLED_BY_DEFAULT};
+
 // Enables brotli "Accept-Encoding" advertising and "Content-Encoding" support.
 // Brotli format specification: http://www.ietf.org/id/draft-alakuijala-brotli
 const base::Feature kBrotliEncoding{"brotli-encoding",