Sigh. Of course it is.
This is what comes of too many sleepless nights. Yes, of course both the . and the / characters must be non-encoded — though I’m sure back in early internet days I saw encoded %2F get treated as / (“create no bad data; deal with all the bad data you receive”).
BTW, FWIW, | is old-school ASCII: 007C; there must be some other determinant as to whether a character should be URL-encoded or not.
Thanks for your patient help, esp. during what’s probably your busiest week of the year!