Requests whose URLs contain embedded credentials blocked.


jquery-3.1.1.min.js:4 [Deprecation] Subresource requests whose URLs contain embedded credentials (e.g. https://user:pass@host/) are blocked. See for more details.

I am using Javascript for getting estimated arrival time.

I am using Chrome.

It works perfectly in Mozilla, though, but I have to make it work for Chrome.

Any ideas how I can fix that?



Unfortunately there isn’t a great way around that at present. Chrome recently started blocking requests of type user:password@url (mozilla is not doing that yet). We don’t recommend making requests that way as it will expose your username and apiKey to anyone viewing the source for your page. To protect your username/apiKey we recommend routing that request to your webserver and then having your webserver make the request in a more secure way (passing the response back to the browser).

We may at some point in the future enhance the key so that it can be restricted by referer or IP, but no definite plans for that are in place yet.


As I thought, thank you =)

I will do everything on the server-side then.