Stress cases for the tshark capture path. Check the worker logs for the "captured via tshark" vs "re-download fallback" line on each.
Each load uses a fresh token, so the PDF cannot come from Chrome's cache. If capture succeeds via tshark here, embed/object PDFs are token-safe and the demo's earlier f=0 was a caching artifact. If it falls back to re-download, the plugin fetch is genuinely not observable.
The URL 404s after the viewer's fetches are exhausted. tshark captures from the observed load (no re-request) → success. A re-download fallback would hit a 404 → no file. So capture succeeding proves the token-safe tshark path was used.
Open single-use-token PDF (same tab)Exceeds the old 10 MB body cap. Tests full reassembly to disk and that the captured file is byte-complete (not truncated).
Open 15 MB PDF (same tab)