https -- works in IDE & Standalone, does not work in web browser

Context

I'm doing some work that involves calling into foursquare's API which requires HTTPS basic auth to get certain information.

We've previously done some work like this before, but it didn't involve unity. In the past with standard .NET (no Unity3D/Mono), we just created a standard web request, encoded the username and password and added it to the request header -- it all worked fine.

Enter Unity3D and the WWW class

However, since there's no way to programmatically set HTTP headers using the WWW class while doing a GET (correct me if I'm wrong) and we must run in the web player, I just did something like the following as a stopgap:

private static string CreateBaseUrl(string _username, string _password)
{
    return string.Format("{0}{1}:{2}@{3}", "https://", WWW.EscapeURL(_username), WWW.EscapeURL(_password), "api.foursquare.com/");
}

I then use this as my base url for accessing foursquare, then tack on the request information as you'd expect. E.g.:

public WWW RequestFullVenueDetails(VenueId _id)
{
    string url = string.Format("{0}{1}?vid={2}", m_baseUri, VenueUri, _id.Value);
    return new WWW(url);
}

In a standalone build and when running from the IDE it functions perfectly. I get back information about my foursquare account that requires authentication. For example, there is a "beenhere" value that tells you whether the authed account has ever checked into a venue.

The Web Player...

However, when I run it in the web player, the calls appear to work fine, but I don't get any of the extra information that should be returned when authenticated (i.e. it's behaving like an unauthenticated request, so the "have I been here?" data is missing, amongst other things).

When I examine the output using fiddler, it says the request has no auth header. If I deliberately enter an incorrect password, the request will return an error, so I don't understand why it's failing to return the data that requires authentication since my username and password must be correct.

Does anyone have any idea why the web player is behaving differently and what I can do to fix the problem? This is just rough and ready experimentation so I'd rather not have to figure out how to use OAuth or anything more complicated for the moment.

Possibly related: WWW support is broken

Cheers.

UnityWeb might help you. It now supports HTTPS.