Index: content/public/common/content_features.cc |
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc |
index a7fcfae51462d1352f3224029136210965ec8dd0..3c53154fbb617fadd462716e2253118d358fbed4 100644 |
--- a/content/public/common/content_features.cc |
+++ b/content/public/common/content_features.cc |
@@ -14,6 +14,11 @@ namespace features { |
const base::Feature kAsmJsToWebAssembly{"AsmJsToWebAssembly", |
base::FEATURE_DISABLED_BY_DEFAULT}; |
+// Block subresource requests whose URLs contain embedded credentials (e.g. |
+// `https://user:pass@example.com/resource`). |
+const base::Feature kBlockCredentialedSubresources{ |
+ "BlockCredentialedSubresources", base::FEATURE_ENABLED_BY_DEFAULT}; |
+ |
// Enables brotli "Accept-Encoding" advertising and "Content-Encoding" support. |
// Brotli format specification: http://www.ietf.org/id/draft-alakuijala-brotli |
const base::Feature kBrotliEncoding{"brotli-encoding", |