diff --git a/cdci_data_analysis/flask_app/app.py b/cdci_data_analysis/flask_app/app.py
index 41136b1d..8627ac8b 100644
--- a/cdci_data_analysis/flask_app/app.py
+++ b/cdci_data_analysis/flask_app/app.py
@@ -14,6 +14,8 @@
 import string
 import random
 import hashlib
+
+import requests
 import validators
 import re
 import logging
@@ -535,6 +537,36 @@ def resolve_job_url():
         return redirect(location, 302)
 
 
+@app.route('/load_frontend_fits_file_url')
+def load_frontend_fits_file_url():
+    par_dic = request.values.to_dict()
+    sanitized_request_values = sanitize_dict_before_log(par_dic)
+    logger.info('\033[32m===========================> load_frontend_fits_file_url\033[0m')
+
+    logger.info('\033[33m raw request values: %s \033[0m', dict(sanitized_request_values))
+
+    token = par_dic.pop('token', None)
+    app_config = app.config.get('conf')
+    secret_key = app_config.secret_key
+    output, output_code = tokenHelper.validate_token_from_request(token=token, secret_key=secret_key,
+                                                                  # TODO do we actually need a special role for this?
+                                                                  required_roles=None,
+                                                                  action="loading a fits file from the frontend via a URL")
+
+    if output_code is not None:
+        return make_response(output, output_code)
+
+    fits_file_url = par_dic.get('fits_file_url', None)
+
+    if fits_file_url is not None:
+        logger.info(f"Loading fits file from URL: {fits_file_url}")
+        response = requests.get(fits_file_url)
+        return Response(response.content, status=response.status_code, mimetype='application/octet-stream')
+    else:
+        logging.warning(f'fits_file_url argument missing in request: {par_dic}')
+        return make_response("fits_file_url arg not provided", 400)
+
+
 @app.route('/call_back', methods=['POST', 'GET'])
 def dataserver_call_back():
     sanitized_request_values = sanitize_dict_before_log(request.values)
diff --git a/tests/test_server_basic.py b/tests/test_server_basic.py
index 88f13826..25af7d2f 100644
--- a/tests/test_server_basic.py
+++ b/tests/test_server_basic.py
@@ -179,6 +179,31 @@ def test_empty_request(dispatcher_live_fixture):
     logger.info(jdata['config'])
 
 
+@pytest.mark.parametrize('fits_file_url', [ 'valid', 'invalid', 'empty'])
+def test_load_frontend_fits_file_url(dispatcher_live_fixture, fits_file_url):
+    server = dispatcher_live_fixture
+    print("constructed server:", server)
+
+    # let's generate a valid token
+    encoded_token = jwt.encode(default_token_payload, secret_key, algorithm='HS256')
+
+    if fits_file_url == 'valid':
+        fits_file_url = 'https://fits.gsfc.nasa.gov/samples/testkeys.fits'
+        output_status_code = 200
+    elif fits_file_url == 'invalid':
+        fits_file_url = 'https://fits.gsfc.nasa.gov/samples/aaaaaa.fits'
+        output_status_code = 404
+    else:
+        fits_file_url = None
+        output_status_code = 400
+
+    c=requests.get(os.path.join(server, 'load_frontend_fits_file_url'),
+                   params={'fits_file_url': fits_file_url,
+                           'token': encoded_token})
+
+    assert c.status_code == output_status_code
+
+
 def test_no_debug_mode_empty_request(dispatcher_live_fixture_no_debug_mode):
     server = dispatcher_live_fixture_no_debug_mode
     print("constructed server:", server)