Interface DownloadRelayerCallbacks

Download relayer callbacks for proxying CORS-restricted downloads.

Provides a callback to proxy download requests through your application server when direct browser access fails due to CORS restrictions (e.g., Google Drive).

IMPORTANT SECURITY REQUIREMENTS for your proxy endpoint:

MUST block requests to private/internal IPs (SSRF protection)
SHOULD NOT restrict domains (files can be hosted anywhere)

Example: Client-side implementation:

const downloadRelayer: DownloadRelayerCallbacks = {
  async proxyDownload(url) {
    const response = await fetch('/api/proxy', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ url })
    });
    return response.blob();
  }
};

Example: Server-side proxy endpoint (Next.js):

// /api/proxy/route.ts
import { promises as dns } from 'dns';
import { isIPv4 } from 'net';

async function handleProxy(url: string) {
  const { hostname } = new URL(url);

  // Resolve hostname to IP (handle localhost specially)
  const ip = hostname === 'localhost' ? '127.0.0.1' :
             isIPv4(hostname) ? hostname :
             await dns.lookup(hostname).then(r => r.address);

  // SSRF Protection: Block private/internal IPs
  if (isIPv4(ip)) {
    const [a, b] = ip.split('.').map(Number);
    if (a === 10 || a === 127 || a === 0 ||
        (a === 172 && b >= 16 && b <= 31) ||
        (a === 192 && b === 168) ||
        (a === 169 && b === 254) ||
        a >= 224) { // Also block multicast/reserved
      return new Response('Private/internal addresses not allowed', { status: 403 });
    }
  }

  // Proxy the request
  const response = await fetch(url, { redirect: 'manual' });

  // Handle redirects (with recursion limit)
  if (response.status >= 301 && response.status <= 308) {
    const location = response.headers.get('location');
    if (location) return handleProxy(new URL(location, url).href);
  }

  const data = await response.arrayBuffer();
  return new Response(data, {
    headers: {
      'Content-Type': response.headers.get('content-type') || 'application/octet-stream',
      'Access-Control-Allow-Origin': '*'
    }
  });
}

interface DownloadRelayerCallbacks {
proxyDownload: (url: string) => Promise<Blob>;
}

Index

Properties

proxyDownload

Properties

proxyDownload

proxyDownload: (url: string) => Promise<Blob>

Proxy a download request through your application server

Type Declaration

- (url: string): Promise<Blob>
- Parameters
  - url: string
    The URL to download from
  Returns Promise<Blob>
  Promise resolving to the downloaded content as a Blob

Interface DownloadRelayerCallbacks

Example: Client-side implementation:

Example: Server-side proxy endpoint (Next.js):

Index

Properties

Properties

proxyDownload

Type Declaration

Parameters

Returns Promise<Blob>

Settings

On This Page