- Member | 27
I have a situation where I have URL and I want to add username and password to it (http://something.com → http://user:firstname.lastname@example.org). I looked to \Nette\Http\Url, where in class doc comment is “visualisation” of parts of URL – also with username and password.
So I thought, that I wil just create
new Nette\Http\Url($myUrlWithoutCredentials) and use
setPassword() methods and then by
converting object to string I will get the same Url as original, but with
But the result was same as original Url, because of this condition in \Nette\Http\Url on line 366 (third row in following code):
return $this->host === '' ? '' : ($this->user !== '' && $this->scheme !== 'http' && $this->scheme !== 'https' ? rawurlencode($this->user) . ($this->password === '' ? '' : ':' . rawurlencode($this->password)) . '@' : '') // ...
I do understand, that HTTP specification does not defines authentication via username:password (resp. it was marked as deprecated in RFC 3986), but what is confusing me is the doc comment in the Url class, that is is conflict with real implementation. Or is there any other (security?) reason why there is this mentioned condition, which does not allow to construct URLs with username and password?