browse remote zip files without downloading them
we send a HEAD request to the url to check if the server supports Accept-Ranges: bytes. this tells us we can request specific byte ranges instead of downloading the entire file. we also detect whether the connection uses HTTP/2 for multiplexed requests.
zip files store their table of contents (the "central directory") at the end of the file. we use a range request to fetch just the last 16 KB, which contains the end-of-central-directory record. from that, we learn where the full directory listing lives and fetch it — typically a few KB even for archives with thousands of files.
we parse every entry in the central directory — file names, sizes, compression methods, offsets — and build an interactive file tree. at this point we've downloaded a tiny fraction of the archive but can see everything inside it.
when you pick files, we send targeted range requests for just those files' byte ranges. each request fetches the local file header + compressed data. on HTTP/2, all requests are multiplexed over a single connection for maximum speed.
compressed files are inflated client-side using fflate (a fast, pure-js deflate implementation). every file is verified against its CRC-32 checksum from the central directory to ensure integrity. then it's offered as a browser download.
browsers block cross-origin requests by default. when the zip file is on a different domain, requests are routed through a lightweight cloudflare worker that forwards range headers and adds the necessary cors headers. same-origin requests skip the proxy entirely.
everything runs in your browser. no file data touches our servers — the cors proxy only streams bytes through, never stores them. zip64 archives (>4 GB) are supported.