One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
rightcelebrator
4 years agoHelpful | Level 6
Error 400 when trying to access file using "WinHttp.WinHttpRequest.5.1"
Hello, i am doing simple download utility for my clients. I am using Autohotkey.
The issue is that since 17.8.2021 the clients started to report that its not downloading from their dropbox anymore.
Here is what i am calling and what i am getting. Please help.
What was changed on dropbox that it stopped working.
What should i change to make it working. I am using ComObjCreate("WinHttp.WinHttpRequest.5.1") ....
The ?DL=1 links are not working anymore for download using this winhttp api.
I also discovered that when i call the same for preview links: "....previews.dropboxusercontent.com/p/thumb/ABSRubXGoK0T0W ...... " it is working without any issues.
REQUEST:
GET: https://www.dropbox.com/s/bmfd5izc0fv8jc6/OP.png?dl=1
Host: www.dropbox.com
Connection: Keep-Alive
Accept-Language: en-US,en;q=0.5
Accept: */*
Content-Length: 0
RESPONSE:
301
Cache-Control: no-cache,no-cache, no-store
Date: Wed, 18 Aug 2021 15:42:39 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Location: /s/dl/bmfd5izc0fv8jc6/OP.png
Server: envoy
Set-Cookie: locale=en; Domain=dropbox.com; expires=Mon, 17 Aug 2026 15:42:39 GMT; Path=/; secure
Set-Cookie: gvc=NjgxNzA3OTMzMTEwMTYyMDkwOTk3NzkzNTc0MjUyNzQxMDUyNzY%3D; expires=Mon, 17 Aug 2026 15:42:39 GMT; httponly; Path=/; secure
Set-Cookie: flash=; Domain=dropbox.com; expires=Wed, 18 Aug 2021 15:42:39 GMT; Path=/; secure
Set-Cookie: bang=; Domain=dropbox.com; expires=Wed, 18 Aug 2021 15:42:39 GMT; Path=/; secure
Set-Cookie: t=sIP_2tsVv4n2ct9cvOvi8ETy; Domain=dropbox.com; expires=Sat, 17 Aug 2024 15:42:39 GMT; httponly; Path=/; secure
Set-Cookie: __Host-js_csrf=sIP_2tsVv4n2ct9cvOvi8ETy; expires=Sat, 17 Aug 2024 15:42:39 GMT; Path=/; secure
Vary: Accept-Encoding
Content-Security-Policy: sandbox
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow, noimageindex
X-Xss-Protection: 1; mode=block
Accept-Encoding: identity,gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: ef975f2f23f940b6b557d6855c1c6f0a
301 Moved Permanently
The resource has been moved to /s/dl/bmfd5izc0fv8jc6/OP.png;
you should be redirected automatically.
************************************
REQUEST:
GET: https://www.dropbox.com/s/dl/bmfd5izc0fv8jc6/OP.png
Host: www.dropbox.com
Connection: Keep-Alive
Accept-Language: en-US,en;q=0.5
Accept: */*
Content-Length: 0
RESPONSE:
302
Cache-Control: no-cache,no-cache, no-store
Date: Wed, 18 Aug 2021 15:42:39 GMT
Content-Length: 320
Content-Type: text/html; charset=utf-8
Location: https://uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com/cd/0/get/BUeStGh9vB8j_qb2apbOI3Dbyz4Czpr9RwB7wIA-pG5LoCpXij3r1H4-uefM9C6xqHAB95zODn27KU4lenEHbuiLmpuCHG-w0YiVoRAL-6QrJszZtyVThYax5mOKplukx3pb0rtwg9qgp5ws0hxS4_ld/file?dl=1#
Server: envoy
Set-Cookie: __Host-logged-out-session=ChA0JAjzLnbKYt1fmPgrN5rAEO%2FU9IgGGi5BQTUwXzhfdzBybEY4OHAtNlVmM1ZIUjZCZV8xZUtLZm9YaDJWQTlPS0FydzJn; httponly; Path=/; secure
Vary: Accept-Encoding
Content-Security-Policy: sandbox
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 1; mode=block
Accept-Encoding: identity,gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: dae6a503de034db9ab3946639e3c2359
302 Found
The resource was found at https://uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com/cd/0/get/BUeStGh9vB8j_qb2apbOI3Dbyz4Czpr9RwB7wIA-pG5LoCpXij3r1H4-uefM9C6xqHAB95zODn27KU4lenEHbuiLmpuCHG-w0YiVoRAL-6QrJszZtyVThYax5mOKplukx3pb0rtwg9qgp5ws0hxS4_ld/file?dl=1#;
you should be redirected automatically.
************************************
REQUEST:
GET: https://uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com/cd/0/get/BUeStGh9vB8j_qb2apbOI3Dbyz4Czpr9RwB7wIA-pG5LoCpXij3r1H4-uefM9C6xqHAB95zODn27KU4lenEHbuiLmpuCHG-w0YiVoRAL-6QrJszZtyVThYax5mOKplukx3pb0rtwg9qgp5ws0hxS4_ld/file?dl=1#
Host: uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com
Connection: Keep-Alive
Accept-Language: en-US,en;q=0.5
Accept: */*
Content-Length: 0
RESPONSE:
400
Connection: close
Date: Wed, 18 Aug 2021 15:42:39 GMT
Content-Length: 14468
Content-Type: text/html
Server: envoy
Vary: Accept-Encoding
X-Dropbox-Response-Origin: local
<!DOCTYPE html>
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Dropbox</title>
<link href="https://cfl.dropboxstatic.com/static/css/error.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="https://cfl.dropboxstatic.com/static/images/favicon.ico"/>
</head>
<body>..........
I found the reason and the solution.....
the last redirect location was:
https://uc6f15ff258e57f8afd9c4e5d97e.dl.dropboxusercontent.com/cd/0/get/BU0a9_vyDu1w8UAsQg0cnf9-yTQJDMCU4EqgojJU4cwU55xwOuPI3X7ljfhNtG1JGjRLDOj68jVzvOlOSD0HGhc85WJkq68qklFGmDWXgTVcgbaL51PSrNoui2R-b5Hmd-ds2DioeAkw7fxQo4ajtp-X/file?dl=1#
And for some reason the WinHttp.WinHttpRequest.5.1 have issue with the # at the end of the link. So I assume, that that is the change which Dropbox did in last 2 weeks.
For this reason i cannot use build in redirects inside the WinHttp.WinHttpRequest.5.1 object. And i need to redirect by the script.
winHttp.Option(6) = false
And then just remove the # from the link which i retrieve from location.
Which means that https://uc6f15ff258e57f8afd9c4e5d97e.dl.dropboxusercontent.com/cd/0/get/BU0a9_vyDu1w8UAsQg0cnf9-yTQJDMCU4EqgojJU4cwU55xwOuPI3X7ljfhNtG1JGjRLDOj68jVzvOlOSD0HGhc85WJkq68qklFGmDWXgTVcgbaL51PSrNoui2R-b5Hmd-ds2DioeAkw7fxQo4ajtp-X/file?dl=1was working.
So its resolved.Anyway it would be great if your server would not add the # to the location.
Curl was working and it helped me to find out that it also removed the # from the link.
Thank you for support.
- Greg-DB
Dropbox Staff
rightcelebrator Your thread was placed in the API section of the forum, but this issue doesn't appear to be related to the API itself. (Your sample isn't calling the actual Dropbox API, but rather is interacting with Dropbox shared links directly.) In addition, we can't offer help for Autohotkey or WinHttp.WinHttpRequest.5.1, as that's not made by Dropbox, but I'll try to offer whatever help I can.
First, is this issue still occurring for you now? I'm don't have Autohotkey/WinHttp.WinHttpRequest.5.1 available, but attempting to access your supplied link with dl=1 using curl works for me. Setting curl to follow redirects resulted in a final successful call with a 200 status code and the expected file data output.
- rightcelebratorHelpful | Level 6
Thank you. Yes the issue is still there.
You are right i am not using api as by the nature of the software which i am doing, its not possible to do as api.
I also do not expect that you would give support of Autohotkey.
And to use curl instead of com Object with Http.. is not an option for me. As you can see i followed the redirects as well but still got the 400 response.
I understand that curl is doing the job fine as well as any web browser.
I am wondering if there is any way which would tell me why i get the e400 from your server based on the requests which i posted.
And please understand that i was downloading from the Dropbox this way more then a year and suddenly it started to throw 400 a week ago.
It would maybe help to know, what was changed, or what is expected to be included inside the request so that it works again.- Greg-DB
Dropbox Staff
First, for reference, the Dropbox API does offer the ability to retrieve file data from a shared link (without using the "dl=1" option on the link itself), via the /2/sharing/get_shared_link_file endpoint. You may want to look into whether or not that suits your use case.
Anyway, I don't know off hand what may have changed here, but I'll try to help however I can. Is the output you shared here the most verbose output you can get from your client? Unfortunately it doesn't offer anything I can use to track this down specifically. For instance, the final failing response doesn't contain a 'X-Dropbox-Request-Id' (though that may not be useful even if it were included since it's not an actual API request anyway).
In any case, I tried replicating the final call manually using curl, by sending the specific headers like shown in your output, but the request still worked. Are you able to manually reproduce this using curl by any chance? It would serve as a useful reference if you can, just for the sake of troubleshooting.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,949 PostsLatest Activity: 3 hours ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!