Cloudflare Rulesets now includes encode_base64() and sha256() functions, enabling you to generate signed request headers directly in rule expressions. These functions support common patterns like constructing a canonical string from request attributes, computing a SHA256 digest, and Base64-encoding the result.
New functions
| Function | Description | Availability |
|---|---|---|
encode_base64(input, flags) | Encodes a string to Base64 format. Optional flags parameter: u for URL-safe encoding, p for padding (adds = characters to make the output length a multiple of 4, as required by some systems). By default, output is standard Base64 without padding. | All plans (in header transform rules) |
sha256(input) | Computes a SHA256 hash of the input string. | Requires enablement |
Examples
Encode a string to Base64 format:
encode_base64("hello world")Returns: aGVsbG8gd29ybGQ
Encode a string to Base64 format with padding:
encode_base64("hello world", "p")Returns: aGVsbG8gd29ybGQ=
Perform a URL-safe Base64 encoding of a string:
encode_base64("hello world", "u")Returns: aGVsbG8gd29ybGQ
Compute the SHA256 hash of a secret token:
sha256("my-token")Returns a hash that your origin can validate to authenticate requests.
Compute the SHA256 hash of a string and encode the result to Base64 format:
encode_base64(sha256("my-token"))Combines hashing and encoding for systems that expect Base64-encoded signatures.
For more information, refer to the Functions reference.
Source: Cloudflare
