Cloudflare Rulesets now includes encode_base64() and sha256() functions, enabling you to generate signed request headers directly in rule expressions. These functions support common patterns like constructing a canonical string from request attributes, computing a SHA256 digest, and Base64-encoding the result.
New functions
| Function | Description | Availability |
|---|---|---|
encode_base64(input, flags) | Encodes a string to Base64 format. Optional flags parameter: u for URL-safe encoding, p for padding (adds = characters to make the output length a multiple of 4, as required by some systems). By default, output is standard Base64 without padding. | All plans (in header transform rules) |
sha256(input) | Computes a SHA256 hash of the input string. | Requires enablement |
Examples
Encode a string to Base64 format:
encode_base64("hello world")Returns: aGVsbG8gd29ybGQ
Encode a string to Base64 format with padding:
encode_base64("hello world", "p")Returns: aGVsbG8gd29ybGQ=
Perform a URL-safe Base64 encoding of a string:
encode_base64("hello world", "u")Returns: aGVsbG8gd29ybGQ
Compute the SHA256 hash of a secret token:
sha256("my-token")Returns a hash that your origin can validate to authenticate requests.
Compute the SHA256 hash of a string and encode the result to Base64 format:
encode_base64(sha256("my-token"))Combines hashing and encoding for systems that expect Base64-encoded signatures.
For more information, refer to the Functions reference.
Source: Cloudflare
Latest Posts
- (Updated) Microsoft 365 Copilot: Navigation refresh in the M365 Copilot app [MC1187677]
- Microsoft 365 Copilot for Sales – Engage prospects faster with Sales Agent-enriched leads [MC1231406]
- (Updated) Migration update for Office 365 connectors retirement in Teams – webhook URL support [MC1181996]
- AWS Backup adds cross-Region database snapshot copy to logically air-gapped vaults
