Currently repo (source/collection) version exports are stored in S3/Azure object storage. When the request is made via OCL to download these, OCL returns a link and S3/Azure file link.
We are working towards making it more secure. Rather than redirecting the requests to S3/Azure (or providing its file link directly), we are going to be streaming the export file.
Ideally, nothing should change in any ETL scripts. Browser-based clients may need to change a bit while handling the response of Export API to not redirect but download the blob.
This behavior is currently under test in our DEV environment.
More discussion on this is in this ticket
Please add/suggest any comments/feedbacks/concerns.