Re: [whatwg/fetch] Block subresource requests whose URLs include credentials. (#465) from Sven-S. Porst on 2017-05-14 (public-webapps-github@w3.org from May 2017)

From: Sven-S. Porst <notifications@github.com>
Date: Sun, 14 May 2017 15:00:42 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/465/c301342939@github.com>

I found this via the message

> [Deprecation] Subresource requests whose URLs contain embedded credentials (e.g. `https://user:pass@host/`) are blocked. See https://www.chromestatus.com/feature/5669008342777856 for more details.

Chrome 60.0.3095.5 gave me when visiting a site with Basic-authentication. When loading the resources it contains (which do not have authentication information in their URLs in the markup) Chrome will not load them giving the explanation quoted above.

Like @ykraynov I wonder whether this is what you have in mind here or whether Chrome may be overdoing it here.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/465#issuecomment-301342939

Received on Sunday, 14 May 2017 22:01:15 UTC