0

Basically, I have an API endpoint that allows users to send a POST request to download a CSV file. The file is downloaded success but if I check the Preview/Response tab from Chrome Dev tool of this download request then the file's content is displayed here in human-readable (plain text) format.

Same results with both res.download() or res.sendFile() methods. I also configured https (Let's encrypt certificate) for both client and server domains, also additional SSL for Nodejs application.

I understand that these SSL configured will only prevent requests intercepted without encrypting the file's content in response data.

How can I download a file without displaying its content in the Preview/Response tab?

Any suggestion related to modifying Nodejs code or additional Nginx config will be appreciated.

Quang Tuyen Nguyen
  • 131
  • 2
  • 6
  • 2
    If the client is downloading the file, would you not expect them to be able to inspect the file eventually? – Pointy Apr 03 '23 at 13:24
  • Of course, users sure want to check their files. – Quang Tuyen Nguyen Apr 03 '23 at 13:25
  • 3
    You can't (there must be a duplicate around here somewhere so I won't make an answer) unless you encrypt the data using some non-SSL approach … but then if you want to do anything with it on the client you'll need to write code to decrypt it on the client … which means that you have to give that code to the user of the browser and it still won't be a secret. You can't give the browser data and keep the data secret from the owner of the browser. – Quentin Apr 03 '23 at 13:25

0 Answers0