Last Updated: 2024-11-21

We had an unsubscribe link that was secured via a hashed uuid added to the URL. This hash, unfortunately, sometimes contained slashes, and whenever it did, the Laravel router got confused, thinking the user had requested a different resource altogether (instead of the unsubscribe one). I tried calling urlencode on the hash, but the problem persisted. Apparently the Laravel router also cannot handle URL encoded hashes.

So I decided to encode it with base64 instead. This character set should be perfect for channels that are only reliable with text content (e.g. for HTTP), right? So I thought. What you really want is base64_urlsafe instead.

Normal base64 uses the following characters:

• A-Z (index 0-25)
• a-z (index 26-51)
• 0-9 (index 52-61)
• + and / (index 62 and 63)
• also = is used as padding

Of course, 3 characters, + and / and =, are used in URLs. Therefore the urlsafe version of base64 needs some modifications:

• + gets encoded as - and / is encoded as \_
• the padding character of = removed

Another solution, that works, is to take the normal base64 string, and then urlencode it using the standard tools, e.g. in Python / Ruby etc.

Lessons

• When working with hashes and HTTP, be sure to use base64_urlsafe otherwise the weird characters will cause problems.