Always return text/plain from /api/proxy

NextResponse (underlying Response) will attempt to auto detect the content type based on the passed blob. With this change the auto detection is disabled and we always return text/plain. It does not change functionality but it adds an extra safegaurd to ensure we never return HTML/JavaScript from the proxy endpoint.

Author: ulrikandersen

src/app/api/proxy/route.ts

@@ -30,7 +30,7 @@ export async function GET(req: NextRequest) {
     const maxBytes = maxMegabytes * 1024 * 1024
     const fileText = await downloadFile({ url, maxBytes, timeoutInSeconds })
     checkIfJsonOrYaml(fileText)
-    return new NextResponse(fileText, { status: 200 })
+    return new NextResponse(fileText, { status: 200, headers: { "Content-Type": "text/plain" } })
   } catch (error) {
     if (error instanceof Error == false) {
       return makeAPIErrorResponse(500, "An unknown error occurred.")