If website has nginx restricted access by `auth_basic_user_file` $httpRequest->getUrl()->getAbsoluteUrl() returns path with auth parameters included
tkorcina opened this issue · 1 comments
tkorcina commented
Version: v3.1.6
Bug Description
When I use the $httpRequest->getUrl()->getAbsoluteUrl() on website on nginx with restricted basic authorization
(auth_basic_user_file directive with a path to the .htpasswd file) it returns the path with the login and unhashed password from the file.
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
Example:
.htpasswd file:
user1:$apr1$/woC1jnP$KAh0SsVn5qeSMjTtn0E9Q0
echo $httpRequest->getUrl()->getAbsoluteUrl() returns:
"https://user1:realWorkingPassword@www.example.com"