I understand if this really considered an issue with an aws api not you but, I'd like to see what I can do. I've got to download using an s3 presigned url which gives the client permission over an amazon s3 object. Sadly you can only give permission one method at a time. Which wouldn't be a problem because all that is needed is a get request. But, since it is a cross origin request it will try a head request to check if cors is enabled. For now, I've just created a in house fork with an optional argument that turns off the cors check entirely. But, a better solution would be appreciated if possible.
The preferred way to download is just using the download attribute, that is not possible in all browser even if cors are enabled. The only option then is to try and download it with ajax and then save the blob.
So in your situation i would maybe just do
fetch(one_time_URL)
.then(res => res.blob())
.then(blob => saveAs(blob, 'filename'))
Even better would just be to try and redirect to the one-time-url if it contains a attachment disposition response header with a filename.
One of the reason for encountering this kind of issue
https://github.com/eligrey/FileSaver.js/issues/495#issuecomment-675986627
Most helpful comment
The preferred way to download is just using the download attribute, that is not possible in all browser even if cors are enabled. The only option then is to try and download it with ajax and then save the blob.
So in your situation i would maybe just do
Even better would just be to try and redirect to the one-time-url if it contains a attachment disposition response header with a filename.