Is there any way to create a signed URL in Laravel(9.x) without appending the data as GET-parameter to the URL?
E.G.:
echo \URL::signedRoute('testpage', ['email' => '[email protected]']);
results into:
http://localhost:8000/[email protected]&signature=c845052c0301980b75ad02d6d151e3ea8275f1e1b977c148aa7f423505d99470
What I want to achieve (URL with only signature as parameter):
http://localhost:8000/testpage?signature=c845052c0301980b75ad02d6d151e3ea8275f1e1b977c148aa7f423505d99470
Some users might think it's weird to see their clear e-mail-address in a URL, and it could be a privacy issue.
CodePudding user response:
Signature is a hash not an encryption, you can't extract data from it, just compare it to the content.
You can either use their ID, wouldn't make much sense to them
echo \URL::signedRoute('testpage', ['subject' => $user->id]);
or encode the data
echo \URL::signedRoute('testpage', ['email' => \Illuminate\Support\Facades\Crypt::encryptString('[email protected]')]);
and decrypt it when needed
$email = \Illuminate\Support\Facades\Crypt::decryptString($email);
But if you go with encryption, the signature is no longer needed.