Bypass blocking of subresource requests whose URLs contain embedded credentials

Question

I have been automatically authenticating users visiting our internal wiki via a link with a token in the URL like this:

href=\"https://user:pass@host/\"
         


        

Answer 1

Passing the command line option '--disable-blink-features=BlockCredentialedSubresources' restores the expected behavior. If you're using Selneium, you can pass it as an args option in the Browser Capabilities to restore the expected behavior.

PHP: 'chromeOptions' => array('args' => ['--disable-blink-features=BlockCredentialedSubresources']);

Python: capabilities['chromeOptions'] = {'args': ['--headless']}

According to the Chromium ticket (https://bugs.chromium.org/p/chromium/issues/detail?id=731618) this behavior may not be restored in future versions despite it being in 'Deprecation'. In this case, it might be best to look at ssh conduits for testing or whitelist the IP if possible to prevent the HTTP Auth interaction.

Anthony