I am creating an application where users can download a huge file/s (around 8GB, depending on the user). The file must be password protected, so a GET request with a param isn't ideal.
Using .blob() on the response leads to RAM issues if the file is too big.
I also checked https://github.com/jimmywarting/StreamSaver.js but I would prefer something more "official" if possible.
How do websites like TransferXL or WeTransfer achieve this ?
Authentication is traditionally done on the server side with an App Server (like PHP), where the user goes to a page and enters their user name and password. If the password matches, the App Server creates a session cookie (if one hasn't been previously created) and adds the user id as "signed in".
This is what I recommend to you, as JavaScript is too insecure.