Cannot remove 'content-disposition' header from proxied response.

[KerimG]

yarn why http-proxy-middleware OR npm ls http-proxy-middleware output (mask private folder names with *****)

$ npm ls http-proxy-middleware
[email protected] C:\Users\*\code\*
`-- [email protected]

Please verify that you've followed these steps

[ x] - I've updated to latest http-proxy-middleware.

Describe the bug

I am trying to use http-proxy-middleware to request PDF files from a server, because the server's response contains the

content-disposition: attachment; filename="somefile.pdf"

header. This forces the requesting browser to download the file instead of opening it in its PDF reader (see https://stackoverflow.com/questions/9195304/how-to-use-content-disposition-for-force-a-file-to-download-to-the-hard-drive)

I tried removing the header with

const express = require("express");
const { createProxyMiddleware } = require("http-proxy-middleware");

const app = express();

app.use(
  createProxyMiddleware({
    target: "https://httpbin.org",
    changeOrigin: true,
    onProxyRes: (proxyRes, req, res) => {
        delete proxyRes.headers['content-disposition'];
    },
  })
);

app.listen(8080, () => {
  console.log("🚀  server started");
  console.log(`↗️  example: "curl https://44oc1.sse.codesandbox.io/json"`);
});

as well as:

const express = require("express");
const { createProxyMiddleware } = require("http-proxy-middleware");

const app = express();

app.use(
  createProxyMiddleware({
    target: "https://httpbin.org",
    changeOrigin: true,
    onProxyRes: responseInterceptor(
      async (responseBuffer, proxyRes, req, res) => {
        delete proxyRes.headers['content-disposition'];
        return responseBuffer;
      }
    ),
  })
);

app.listen(8080, () => {
  console.log("🚀  server started");
  console.log(`↗️  example: "curl https://44oc1.sse.codesandbox.io/json"`);
});

Unfortunately, I couldn't make a fully working example because I don't know of any public servers that serve PDF with that 'content-disposition' header.

Expected behavior

I expected that the 'content-disposition' header would be removed from the proxy response allowing the PDF file to be displayed in the browser's PDF reader. What I see in the browser's dev tools though is that the header is still part of the response.

http-proxy-middleware configuration

see above

Server (please complete the following information):

• OS: Windows
• NodeJS version: 14.16.1

Additional context

Running console.log before and after delete proxyRes.headers['content-disposition'] prints the following:

{
  'content-disposition': 'attachment; filename="somefile.pdf"',
  etag: '"1620984981090-57231"',
  'accept-ranges': 'bytes',
  'content-range': 'bytes 0-57230/57231',
  'content-type': 'application/pdf',
  'content-length': '57231',
  date: 'Fri, 14 May 2021 09:36:21 GMT',
  connection: 'close'
}
{
  etag: '"1620984981090-57231"',
  'accept-ranges': 'bytes',
  'content-range': 'bytes 0-57230/57231',
  'content-type': 'application/pdf',
  'content-length': '57231',
  date: 'Fri, 14 May 2021 09:36:21 GMT',
  connection: 'close'
}

So it looks like the header is gone but in the network tab of the browser's dev tools, I still get to see this:

[chimurai]

Did you try disabling browser cache?

[chimurai]

I'm able to delete content-disposition header with:

express()
  .use(createProxyMiddleware({
    target: "https://demo.borland.com",
    changeOrigin: true,
    onProxyRes(proxyRes) {
      delete proxyRes.headers["content-disposition"];
    }
  }))
  .listen(8000)

https://demo.borland.com/testsite/download_testpage.php

original:

curl -X HEAD -I https://demo.borland.com/testsite/downloads/downloadfile.php\?file\=Hello.txt\&cd\=attachment+filename

http-proxy-middleware:

curl -X HEAD -I http://localhost:8000/testsite/downloads/downloadfile.php\?file\=Hello.txt\&cd\=attachment+filename

In the proxied response you'll see content-disposition: attachment; filename="Hello.txt" header is gone.

EDIT: reproducible example

[KerimG]

@chimurai

Yes, I did. My cache is practically always disabled when the DevTools are open:

Unfortunately, I didn't get to try your suggested solution, though I'm pretty sure I tried it in the exact same way. I will see if I can do another test run tomorrow or on Monday. Thank you