Drop an HTML file, get a shareable link. Built for sharing AI-generated HTML artifacts (specs, prototypes, review documents) with stakeholders.
npm install
cp .env.example .env.local
# Fill in S3 credentials and ADMIN_PASSWORD in .env.local
npm run devcurl -X POST https://drop.coderpush.com/api/upload \
-F "file=@my-spec.html"With optional metadata:
curl -X POST https://drop.coderpush.com/api/upload \
-F "file=@tpb-sdk-spec-normalization.html" \
-F "owner=harley@coderpush.com" \
-F "project=tpb-sdk"Response:
{
"ok": true,
"slug": "k3x9m2pq",
"url": "https://drop.coderpush.com/k3x9m2pq",
"raw_url": "https://drop.coderpush.com/api/raw/k3x9m2pq",
"filename": "tpb-sdk-spec-normalization.html",
"project": "tpb-sdk",
"size": 41302
}curl https://drop.coderpush.com/api/files
curl https://drop.coderpush.com/api/files?project=tpb-sdkcurl -X DELETE https://drop.coderpush.com/api/files/k3x9m2pq \
-H "X-Admin-Key: YOUR_ADMIN_PASSWORD"Filenames are auto-grouped by project prefix. Segments before the first descriptive word (spec, design, review, plan, etc.) become the project name:
tpb-sdk-spec-normalization.html->tpb-sdkclaw-integration-flow.html->claw
Override with the project form field on upload.
Set env vars in Vercel (see .env.example), then:
vercel --prod- Uploaded HTML is served in a sandboxed iframe (
sandbox="allow-scripts", noallow-same-origin) - Raw serve route sets
connect-src 'none'CSP (no outbound network from uploaded HTML) - S3 bucket is private; all access through API routes
- Admin delete requires
X-Admin-Keyheader matchingADMIN_PASSWORD