This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
This requires adding hooks in the URL specification for setting username and password. Because just setting them on the URL directly is wrong. Aside from null we should also ignore the empty string. And ignore password if username is either null or the empty string.
This also affects Fetch.
https://github.com/whatwg/xhr/commit/e98354ec072275b82314c67381622d16f8a69b0e
https://github.com/whatwg/fetch/commit/d699900add11588f35a1d6c74987f288f975f103