Re: [whatwg/fetch] Block subresource requests whose URLs include credentials. (#465) from Mike West on 2021-02-16 (public-webapps-github@w3.org from February 2021)

From: Mike West <notifications@github.com>
Date: Mon, 15 Feb 2021 23:27:17 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/465/c779643387@github.com>

I think we landed in a place where we block subresource loads whose URLs contain userinfo (https://codereview.chromium.org/2651943002), unless either:

a)  The subresource is being loaded via XHR (https://codereview.chromium.org/2808753003), or
b)  The page on which the subresource is loaded contained userinfo, and it matches the userinfo in the subresource (https://chromium-review.googlesource.com/530308).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/465#issuecomment-779643387

Received on Tuesday, 16 February 2021 07:27:30 UTC