Timeline for Download a file from NodeJS Server using Express
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 25, 2020 at 13:36 | comment | added | Jossef Harush Kadouri | @summerNight and @1UC1F3R616 note that you are vulnerable to directory traversal attacks. for instance https://.../api?filename=../../../keys/my-secret-ssl-key.pem. to avoid that, you need to validate the query param | |
| Jul 24, 2020 at 16:24 | comment | added | summerNight | @1UC1F3R616 I ended up solving the problem like this: router.get(API_PREFIX + '/file-download', function (req, res, next) { var file = process.env.FILE_DOWNLOAD_LOCATION + '/' + req.query.filename res.download(file); }); | |
| Sep 20, 2017 at 17:13 | comment | added | Jossef Harush Kadouri | @summerNight - well, that is a different case than the question specified. search for nodejs proxy file download response for best practice | |
| Sep 20, 2017 at 15:37 | comment | added | summerNight | What if the data was coming in from a HTTP request instead of a file and we had to let users download the file in a streaming way? | |
| Jul 24, 2016 at 12:40 | history | answered | Jossef Harush Kadouri | CC BY-SA 3.0 |