You can take a look to the Streamed Downloads, see: https://laravel.com/docs/6.x/responses#file-downloads
It should be something like:
return response()->streamDownload($content, 'invoice_' . $invoice->number . '_' . $invoice->date . '.csv'');
Those are two questions. Tobias showed you how to stream it, but that won't solve the security problem. You should always check if the authenticated user should be able to access the page, same goes for downloads. If your question was if the user can acces the /storage folder, then the answer is no. A user can only access everything that is in the /public folder (if you configured your virtual host of your web server correctly).
Sign in to participate in this thread!
The Laravel portal for problem solving, knowledge sharing and community building.
The community