Hi,
We've implemented proxying the viewer requests to our own server to hide the access token. This is done as follows:
Options when calling Initializer
const options = {
env: 'AutodeskProduction',
shouldInitializeAuth: false,
endpoint: `${process.env.NEXT_PUBLIC_SITE_URL}/api/forge/viewer-proxy`,
api: 'derivativeV2',
};
And then a simple Hono route, inspired by one shared here
import { Hono } from 'hono';
import { AppEnv } from '../../../app';
import { withConstantAutodeskToken } from '../authentication';
const HEADER_WHITELIST = [
'if-modified-since',
'if-none-match',
'accept-encoding',
'x-ads-acm-namespace',
'x-ads-acm-check-groups',
];
export const viewerRouters = new Hono<AppEnv>().get(
'*',
withConstantAutodeskToken,
async (c) => {
const tokenRes = await c.var.getConstantAutodeskToken();
if (tokenRes.isErr()) {
return c.json({
error: tokenRes.error,
});
}
const token = tokenRes.value;
const proxyPath = c.req.path.replace(/^\/api\/forge\/viewer-proxy/g, '');
const headers: Record<string, string> = {
Authorization: `Bearer ${token}`,
};
for (const header of HEADER_WHITELIST) {
const headerVale = c.req.header(header);
if (headerVale) {
headers[header] = headerVale;
}
}
const url = `https://developer.api.autodesk.com${proxyPath}`;
return fetch(url, {
headers,
})
.then((resp) => resp.arrayBuffer())
.then((buff) => c.body(buff))
.catch((err) => {
console.error('ERROR');
return c.json({
error: err,
});
});
},
);
This works great except for pdf files, there I get hit with `Logger.js:188 invalid file header signature`. I tried to figure out which header this would be, forwarding almost all headers for both the proxied request and the response but to no avail. Hopefully someone can help me with figuring out what's going on here! Thanks in advance!