New Feature
Description
Parse.File.getData() currently does not support useMasterKey or any authentication option. It always performs a plain HTTP fetch to the file URL without any auth headers.
This becomes a problem when the fileDownload server option is configured to restrict file downloads (e.g. enableForAuthenticatedUser: false). In that case, there is no SDK-level way to download a file with master key privileges — neither from Cloud Code nor from any server-side context.
Current Behavior
Parse.File.getData() performs a plain fetch(url) with no authentication- The
fileDownload restriction blocks the request if file downloads are disabled
- There is no option to pass
useMasterKey: true or any other auth option
Proposed Solution
Add support for useMasterKey in getData():
const data = await file.getData({ useMasterKey: true });When useMasterKey: true is passed in a server-side (Cloud Code) context, Parse Server should resolve the file through the files adapter directly (e.g. filesAdapter.getFileData(filename)) instead of making an HTTP request to the file URL. This approach:
- Bypasses the
fileDownload HTTP restriction internally, similar to how useMasterKey works for queries and other operations
- Avoids sending master key credentials over HTTP, which would be problematic when file URLs point to external services (e.g. S3, CloudFront)
- Is consistent with the existing
useMasterKey pattern used across the Parse SDK
Alternatives Considered
- Sending master key headers in the HTTP request: Risky because file URLs may point to external services (S3, CloudFront), which would leak credentials to third-party domains.
- Workaround with raw
fetch and manual headers: Works but requires consumers to manage trusted origin checks and credential handling themselves, which is error-prone.
Environment
- Parse Server: any version with
fileDownload support
- Parse JS SDK: current
New Feature
Description
Parse.File.getData()currently does not supportuseMasterKeyor any authentication option. It always performs a plain HTTPfetchto the file URL without any auth headers.This becomes a problem when the
fileDownloadserver option is configured to restrict file downloads (e.g.enableForAuthenticatedUser: false). In that case, there is no SDK-level way to download a file with master key privileges — neither from Cloud Code nor from any server-side context.Current Behavior
Parse.File.getData()performs a plainfetch(url)with no authenticationfileDownloadrestriction blocks the request if file downloads are disableduseMasterKey: trueor any other auth optionProposed Solution
Add support for
useMasterKeyingetData():When
useMasterKey: trueis passed in a server-side (Cloud Code) context, Parse Server should resolve the file through the files adapter directly (e.g.filesAdapter.getFileData(filename)) instead of making an HTTP request to the file URL. This approach:fileDownloadHTTP restriction internally, similar to howuseMasterKeyworks for queries and other operationsuseMasterKeypattern used across the Parse SDKAlternatives Considered
fetchand manual headers: Works but requires consumers to manage trusted origin checks and credential handling themselves, which is error-prone.Environment
fileDownloadsupport