Enhance proxying and redirection specification for blob retrieval

buds/01.md

@@ -82,8 +82,22 @@ The endpoint MUST accept an optional file extension in the URL. ie. `.pdf`, `.pn
 Regardless of the file extension, the server MUST return the MIME type of the blob in the `Content-Type` header. If the
 server does not know the MIME type of the blob, it MUST default to `application/octet-stream`
 
-If the endpoint returns a `301` or `302` redirect it MUST redirect to a URL containing the same sha256 hash as the requested blob.
-This ensures that if a user was to copy or reuse the redirect URL it would still contain the original sha256 hash
+### Proxying and Redirection (Optional)
+
+If the endpoint returns a redirection 3xx status code such as 307 or 308 ([RFC 9110 section
+15.4](https://datatracker.ietf.org/doc/html/rfc9110#name-redirection-3xx)), it MUST redirect to a URL containing the
+same sha256 hash as the requested blob. This ensures that if a user copies or reuses the redirect URL, it will still
+contain the original sha56 hash.
+
+While the final blob may not be served from a Blossom server (e.g. CDN, IPFS, object storage, etc.), the destination
+server MUST set the `Access-Control-Allow-Origin: *` header on the response to allow cross-origin requests, as well as
+the `Content-Type` and `Content-Length` headers to ensure the blob can be correctly displayed by clients. Two ways to
+guarantee this are:
+
+1. Proxying the blob through the Blossom server, allowing it to override headers such as `Content-Type`.
+2. Manipulating the redirect URL to include a file extension that matches the blob type, such as `.pdf`, `.png`, etc. If
+the server is unable to determine the MIME type of the blob, it MUST default to `application/octet-stream` and MAY
+include a file extension in the URL that reflects the blob type (e.g. `.bin`, `.dat`, etc.).
 
 ### Get Authorization (optional)