New features for chrome and basic authentication via remote-debug: just for linking it here, so people who are stuck can find a solution for chrome and more: Chrome remote debugging in a seleniumgrid

There were some updates in this link as :

Chromium Issue 435547 Drop support for embedded credentials in subresource requests. (removed)

We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:hunter2@example.com/yay.tiff"). Such resources would be handled as network errors.

However, Basic Authentication functionality still works with Selenium 3.4.0, geckodriver v0.18.0, chromedriver v2.31.488763, Google Chrome 60.x and Mozilla Firefox 53.0 through Selenium-Java bindings.

Here is the example code which tries to open the URL http://the-internet.herokuapp.com/basic_auth with a valid set of credentials and it works.

Firefox:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;

public class BasicAuthentication_FF 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.gecko.driver", "C:\\Utility\\BrowserDrivers\\geckodriver.exe");
        WebDriver driver =  new FirefoxDriver();
        driver.navigate().to("http://admin:admin@the-internet.herokuapp.com/basic_auth");
    }
}

Chrome:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;

public class BasicAuthentication_Chrome 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.chrome.driver", "C:\\Utility\\BrowserDrivers\\chromedriver.exe");
        ChromeOptions options = new ChromeOptions();
        options.addArguments("start-maximized");
        options.addArguments("disable-infobars");
        options.addArguments("--disable-extensions");
        WebDriver driver =  new ChromeDriver(options);
        driver.navigate().to("http://admin:admin@the-internet.herokuapp.com/basic_auth");
    }
}

The basic authentication via url is blocked only for sub resources. So you could still use it on the domain:

driver.get("http://admin:admin@localhost:8080");
driver.get("http://localhost:8080/project");

You could also create a small extension to automatically set the credentials when they are requested:

options = webdriver.ChromeOptions()
options.add_extension(r'C:\dev\credentials.zip')

https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46

Florent B.'s approach of calling .get on the URL twice worked for me with a slight modification. In JS:

driver
        .get('http://admin:admin@localhost:8080')
        .then( () => driver.get('http://localhost:8080') )

working on google chrome 62.0.3202.94 with ChromeDriver 2.33.506092 and the approach seems compatible with firefox 56.0.2 with geckodriver 0.19.1, and phantomjs 2.1.1 all under Debian linux 9.

What I believe is happening is the first call sets up the Authorization header sent by the browser. The second call removes the credentials from the URL and the credentials no longer are applied to subresources. The then synchronizes the two requests ensuring order.