Home > Back-end >  Laravel: signed Url without appending data
Laravel: signed Url without appending data

Time:08-27

Is there any way to create a signed URL in Laravel(9.x) without appending the data as GET-parameter to the URL?

E.G.:

echo \URL::signedRoute('testpage', ['email' => '[email protected]']);

results into:

http://localhost:8000/[email protected]&signature=c845052c0301980b75ad02d6d151e3ea8275f1e1b977c148aa7f423505d99470

What I want to achieve (URL with only signature as parameter):

http://localhost:8000/testpage?signature=c845052c0301980b75ad02d6d151e3ea8275f1e1b977c148aa7f423505d99470

Some users might think it's weird to see their clear e-mail-address in a URL, and it could be a privacy issue.

CodePudding user response:

Signature is a hash not an encryption, you can't extract data from it, just compare it to the content.

You can either use their ID, wouldn't make much sense to them

echo \URL::signedRoute('testpage', ['subject' => $user->id]);

or encode the data

echo \URL::signedRoute('testpage', ['email' => \Illuminate\Support\Facades\Crypt::encryptString('[email protected]')]);

and decrypt it when needed

$email = \Illuminate\Support\Facades\Crypt::decryptString($email);

But if you go with encryption, the signature is no longer needed.

  • Related