-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for base64url format #26512
Comments
/cc @nodejs/buffer I think this has come up a few times now – basically, I think so far the answer was that this is easy to implement in userland, and Node.js is generally careful about adding support for new encodings? |
I understand, but in the order hand, Node.js already supports https://nodejs.org/api/buffer.html#buffer_buffers_and_character_encodings
It would be better to have the explicit Also, many libraries relies on built-in Node.js encodings. And many times we cannot use https://webpack.js.org/configuration/output/#outputhashdigest
This feature is easy to implement in userland, but I think we must think about adding it natively to Node.js because:
My english is not very good, but I hope you get the point of my argumentation. |
I've no strong feelings about the feature pro or con, but the Buffer API has asymetric support for
It would be easier to call it a "do in userland" if node didn't support it all, but since we half-support it, its a little less clear to me what the right thing to do is. |
Base64url is highly pragmatic for web (and filesystem) applications so I do think there is a good argument for including it in node. It is also not easy to implement in user-land efficiently (e.g. string search and replace with regexes) and would be much faster if the safe chars were simply part of the encoding alphabet. As for the trailing padding characters, technically I believe the padding would be required by the standard but in practice I suspect it would often not be useful for applications involving base64url. So there's a correctness vs pragmatism debate there. It could perhaps be offered as a variant of base64url:
One alternative would be if there were a more direct way to configure both the encoding alphabet and/or padding behavior of the base64 encoder, such as an object that could be passed into Buffer or toString or similar call:
or
|
I'm opposed to omitting the padding or changing the signature of any stable Buffer methods. The relevant RFCs make clear that the padding MUST NOT be omitted in the general case, even if the data length might be known to the caller; the If you want to omit or sanitize the padding characters and know the data length, use the extended signature with That said, |
Lines 694 to 698 in f0d2df4
Why repect determine base64? |
@hezedu It is trying to avoid the |
Maybe, but it's inefficient. You convert to base64, then loop thru again to convert base64 to base64url? We can appeal to authority and checkout other frameworks/language libraries and see how many support this encoding as a first class citizen. It's a lot. |
Is there any update on this feature because it's pretty inefficient to use the regex method everytime when one of the main uses of base64 is in urls and cookies, for example - golang supports this feature in the encodedString := base64.URLEncoding.EncodeToString(bytesArray) Would it be too difficult to just add another if statement to the |
I recently added support at a low level used by the web crypto stuff. Wouldn't take too much to extend it to the js api. |
You can check whether it's natively supported or not during runtime using if (Buffer.isEncoding('base64url')) {
// ...
} |
thank you for landing |
new Buffer(str, "base64")
officially accepts both RFC 3548 (+
,/
) encoding as well as RFC 4648 (-
,_
) encoding (see #5239 and #5243).To base64 encode a buffer using RFC 3548 we can actually do
buffer.toString("base64")
.Would it be possible to also natively support RFC 4648 format using
buffer.toString("base64url")
?If yes, should we strip trailing
=
characters as they are unnecessary and potentially harmful used in an URL?The text was updated successfully, but these errors were encountered: