
If a website has nginx restricted access by `auth_basic_user_file`, `$httpRequest->getUrl()->getAbsoluteUrl()` returns the path with auth parameters included

Open tkorcina opened this issue 3 years ago • 1 comments

Version: v3.1.6

Bug Description

When I use `$httpRequest->getUrl()->getAbsoluteUrl()` on a website served by nginx with restricted basic authorization (the `auth_basic_user_file` directive with a path to the .htpasswd file), it returns the path with the login and unhashed password from the file.

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/


Example:

.htpasswd file:

user1:$apr1$/woC1jnP$KAh0SsVn5qeSMjTtn0E9Q0

`echo $httpRequest->getUrl()->getAbsoluteUrl()` returns:

"https://user1:[email protected]"

tkorcina • Aug 18 '22 15:08
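
A workaround sketch for the behaviour reported above, added here as an example and not code from the issue or from nette/http: it rebuilds an absolute URL without its userinfo (`user:password@`) part before the value is echoed, logged or placed in a redirect. The helper name `stripUserInfo` and the sample URLs are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return the given absolute URL with any "user:password@" userinfo removed.
 * Hypothetical helper for illustration; not part of nette/http.
 */
function stripUserInfo(string $absoluteUrl): string
{
    $parts = parse_url($absoluteUrl);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        // Refuse to pass through anything we could not parse and clean.
        throw new InvalidArgumentException('Not an absolute URL');
    }

    // Reassemble from the parsed components, deliberately skipping
    // $parts['user'] and $parts['pass'].
    $url = $parts['scheme'] . '://' . $parts['host'];
    if (isset($parts['port'])) {
        $url .= ':' . $parts['port'];
    }
    $url .= $parts['path'] ?? '';
    if (isset($parts['query'])) {
        $url .= '?' . $parts['query'];
    }
    if (isset($parts['fragment'])) {
        $url .= '#' . $parts['fragment'];
    }
    return $url;
}

// Constructed sample inputs (placeholder credentials, reserved test domain).
$samples = [
    'https://user1:PLACEHOLDER-PASSWORD@example.test/admin?page=2',
    'https://user1@example.test:8443/',
    'https://example.test/a@b', // "@" in the path is not userinfo and is kept
];

foreach ($samples as $sample) {
    echo stripUserInfo($sample), "\n";
}

// In an application the call from the report would be wrapped like this:
// echo stripUserInfo($httpRequest->getUrl()->getAbsoluteUrl());
```
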

This might have been already fixed in master https://github.com/nette/http/pull/211

JanTvrdik • Aug 22 '22 08:08