Shared File Link Issues

Sorry about that...   So here's a working HEAD request that returns 200 for us with another Shared Image File:

Hi mbvistaprint,

Hah... 😁 One more bug... 🤷 It's definitely not the same like the one I linked to before.

Here as far as I can see Dropbox server gets confused from Accept-Encoding header. You haven't posted you query, but most probably there your web client pushed all supported encodings. What seems confusing to Dropbox (I have no idea why - just bug). Let's hope that will get solved soon.

You can workaround (temporary, at least) by putting within your request a header like:

Accept-Encoding: identity

That's it. 😉

Good luck.

Greg-DB, I have no idea what's going on, but such bugs are "raining" one after other!? Maybe it's asking better QA... 🧐

Edit: mbvistaprint  my error. You have posted it. And as expected:

---

mbvistaprint wrote:
...

• • • accept-encoding:"gzip, deflate"

...

---

Force replace it! 😉

Thank you Здравко

That definitely got us something. 🙂      So using the identity encoding with the dl=1 url we get back a response at least.    However, I'm still not seeing any "content-length"... It's just empty.... though I do see a "X-Dropbox-Content-Length: 4006971" which looks like it's probably the right value... it's just being provided in the way we're expecting.

mbvistaprint You mentioned both "dl=0" and "dl=1". For clarity, which one are you actually using in your app? For reference, using "dl=0" would only give you the HTML preview page, not the actual file, so that's presumably not what you want. Using "dl=1" would give you the actual file, but would require the client follow one or more redirects first.

It's not clear why you're not getting a response though, and I can't reproduce that. I just tried a HEAD request on your sample link with "dl=1" sending the same request headers you specified for that one and I do get the expected redirects and successful response (that is, a 301, then a 302, then a 200).

---

Greg-DB wrote:

... I just tried a HEAD request on your sample link with "dl=1" sending the same request headers you specified for that one and I do get the expected redirects and successful response (that is, a 301, then a 302, then a 200).

---

Hmm... 🤔 And what about the "content-length" with "the same request headers"? Take a look! Repeat again without gzip. 🙂

Hi,

When I test this in Postman I can only get a response when adding the "Accept-Encoding: Identity" parameter.    But even still I don't get a content-length returned.

-Melissa

Hmm... In such a case I'm up to here. In my test when transfer encoding is off (i.e. set to Identity) "content-length" comes up:

x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 46
x-webkit-csp: sandbox
content-type: application/json
accept-encoding: identity,gzip
date: Mon, 14 Feb 2022 22:19:20 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 6be667e7c1b0467f85be55d383b06557

 Just a subset of the response.

Здравко Thanks. Just to clarify, I was referring to this portion in particular, which didn't indicate any of that:

---

mbvistaprint wrote:

HEAD

https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=1

15:02:27.057

Pretty

Raw

HEAD /s/6djz4es56yb5k1b/SelfExamCardInside.jpg

Accept: */*

cache-control: no-cache

---

mbvistaprint Please note that using Postman may not accurately represent what your actual app itself is doing. For instance, it may be using a different version of HTTP itself (the Dropbox servers support both HTTP 1.1 and 2), etc. In any case, we can't provide support for Postman itself, so in case Postman is introducing any complications, please post the full raw HTTP request and response, where applicable for whatever exactly is causing issues for your app. For example, using curl may be more direct.

I understand that Postman isn't an exactly replication of our development environment but it's the tool I have available to me to troubleshoot with.     I was hoping we might have enough information here to understand what might be going on.   I want to re-iterate that this only started happening last week and it's only dropbox we're seeing this issue with.      Were there any changes made last week that could account for these issues?

In the meantime I can see if I can get one of our developers to reproduce this in their local dev environment.

mbvistaprint Yes, there have been updates to our serving infrastructure but we need to make sure we understand exactly what the issue or requirement is to be able to help. Please let me know if your developers can identify the specific issue or need. Thanks!

Hi mbvistaprint,

From the description you gave to here, seems your environment is using HTTP protocol version less than 2. Dropbox server "keeps strictly" the "chunked" encoding in such a case and it's difficult to turn it off. The mentioned by me above works for HTTP v2, but not in other (in particular not in v1.1) and there "content-length" is still missing! 🤷 Most probably this is your case.

Add: As a workaround, you can change a little bit you function and if it misses "content-length", not to fail immediately but check for "X-Dropbox-Content-Length" before - content is the same. Just a small trick. 😉

So we've been unable to get content-length on our side no matter what we try.     Tried with HTTP 1.1 and HTTP 2.0 and still not seeing it.    Tried also using Fiddler and still nothing.      Still working fine with other file sharing.     Here's another example response:

HTTP/1.0 200 OK
Cache-Control: no-cache,no-cache, no-store
Content-Security-Policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://dropboxconnect.co.uk/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/js/ https://www.dropboxstatic.com/static/js/ https://cfl.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://www.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://cfl.dropboxstatic.com/static/previews/ https://www.dropboxstatic.com/static/previews/ https://cfl.dropboxstatic.com/static/api/ https://www.dropboxstatic.com/static/api/ https://cfl.dropboxstatic.com/static/cms/ https://www.dropboxstatic.com/static/cms/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: gvc=MTY4NTY0NDYyNjkyNzM1NjI5MjAwNTM4MzExNjYyNjI2Njc4NTEz; expires=Sun, 14 Feb 2027 20:54:07 GMT; HttpOnly; Path=/; Secure
Set-Cookie: t=-MrIOkyMq0d6uNvgJRxYZIQM; Domain=dropbox.com; expires=Fri, 14 Feb 2025 20:54:07 GMT; HttpOnly; Path=/; Secure
Set-Cookie: __Host-js_csrf=-MrIOkyMq0d6uNvgJRxYZIQM; expires=Fri, 14 Feb 2025 20:54:07 GMT; Path=/; Secure
Set-Cookie: locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 20:54:07 GMT; Path=/; Secure
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow, noimageindex
X-Xss-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Accept-Encoding: identity,gzip
Date: Tue, 15 Feb 2022 20:54:07 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: cb80f1a2c16145c499b899bae4ca5d53
Connection: close

I would love to know what you are doing to get the content-length returned.

-Melissa

mbvistaprint Is the lack of "Content-Length" specifically what is breaking your app? Earlier, based on the code and description you shared, you indicated it was the lack of a successful response at all. Please share a specific description of what exactly your app is expecting but not getting so we can advise accordingly.

Looking at your latest message though, the output you shared is actually for HTTP 1.0, not 1.1 or 2. (The version is shown in the status line at the top.)

Here's an example of issuing an HTTP 1.1 HEAD request to your sample shared link with dl=1, following the redirects as needed:

curl --http1.1 -L -I "https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=1"

# HTTP/1.1 301 Moved Permanently
# Cache-Control: no-cache,no-cache, no-store
# Content-Security-Policy: sandbox
# Location: /s/dl/6djz4es56yb5k1b/SelfExamCardInside.jpg
# Referrer-Policy: strict-origin-when-cross-origin
# Set-Cookie:  gvc=MTEwMTM0NzQxODg3NzM1NDI4MTMxODMxMTA3ODY5MjI0NDMwNDk3; expires=Sun, 14 Feb 2027 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie:  t=kc60u2VDGQuhMrg-OFfSk3G-; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie:  __Host-js_csrf=kc60u2VDGQuhMrg-OFfSk3G-; expires=Fri, 14 Feb 2025 21:17:36 GMT; Path=/; Secure
# Set-Cookie:  locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:36 GMT; Path=/; Secure
# X-Content-Type-Options: nosniff
# X-Frame-Options: DENY
# X-Permitted-Cross-Domain-Policies: none
# X-Robots-Tag: noindex, nofollow, noimageindex
# X-Xss-Protection: 1; mode=block
# Content-Type: application/json
# Accept-Encoding: identity,gzip
# Date: Tue, 15 Feb 2022 21:17:35 GMT
# Server: envoy
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# Vary: Accept-Encoding
# X-Dropbox-Response-Origin: far_remote
# X-Dropbox-Request-Id: 9adf0f41c3454f2c98811d31fc7e19b9
# Transfer-Encoding: chunked

# HTTP/1.1 302 Found
# Cache-Control: no-cache,no-cache, no-store
# Content-Security-Policy: sandbox
# Location: https://uc42002d460e64d8995b662a9768.dl.dropboxusercontent.com/cd/0/get/BfyapoZo5IxC920UOu6h5vFCMCJNlBhH8wkm4Qh_kPzwOfg2T7qoyyTga49Zj5VR3ps4LvxeHfk4ROsUS8zfy1lRsjGqoNZPV5EHKSydB6WUn0y1jyUbJ2-PMYFQ-o2MSIRZ5pcGhdmdcjClsPZ07zv9/file?dl=1#
# Referrer-Policy: strict-origin-when-cross-origin
# Set-Cookie:  gvc=MjE1NTE0NDk0MTc1NTg0NDAzNjcwMDAwNjc5NDg2MTMyOTc2OTM0; expires=Sun, 14 Feb 2027 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie:  t=_OwvMXr3mSQ662WoKKaHkTWO; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie:  __Host-js_csrf=_OwvMXr3mSQ662WoKKaHkTWO; expires=Fri, 14 Feb 2025 21:17:36 GMT; Path=/; Secure
# Set-Cookie:  locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:36 GMT; Path=/; Secure
# X-Content-Type-Options: nosniff
# X-Frame-Options: DENY
# X-Permitted-Cross-Domain-Policies: none
# X-Xss-Protection: 1; mode=block
# Content-Type: text/html; charset=utf-8
# Accept-Encoding: identity,gzip
# Date: Tue, 15 Feb 2022 21:17:36 GMT
# Server: envoy
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Content-Length: 0
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# X-Dropbox-Response-Origin: far_remote
# X-Dropbox-Request-Id: ecb8ad9b877e47d9aadb601523e9e7b2

# HTTP/1.1 200 OK
# Accept-Ranges: bytes
# Cache-Control: max-age=60
# Content-Disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
# Content-Security-Policy: sandbox
# Etag: 1627768410839975d
# Pragma: public
# Referrer-Policy: no-referrer
# Vary: Origin, Accept-Encoding
# X-Content-Security-Policy: sandbox
# X-Content-Type-Options: nosniff
# X-Dropbox-Content-Length: 4006971
# X-Robots-Tag: noindex, nofollow, noimageindex
# X-Server-Response-Time: 51
# X-Webkit-Csp: sandbox
# Content-Type: application/json
# Accept-Encoding: identity,gzip
# Date: Tue, 15 Feb 2022 21:17:37 GMT
# Server: envoy
# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# X-Robots-Tag: noindex, nofollow, noimageindex
# X-Dropbox-Response-Origin: far_remote
# X-Dropbox-Request-Id: 494840e37c074743952da89f16af345f
# Transfer-Encoding: chunked

In this HTTP 1.1 sample, you can see the final 200 does not have "Content-Length", because it is using "Transfer-Encoding: chunked" instead. Note that Dropbox does not guarantee that the "Content-Length" HTTP response header will always be present on the responses for these URLs over HTTP 1.1 though. For example, when the server is using "Transfer-Encoding: chunked" for the response, "Content-Length" is omitted. While the Dropbox servers use the HTTP protocol, exactly which features they use may change over time. In this case, server updates were in late January to use 'Transfer-Encoding: chunked' for HTTP 1.1 requests to these links. That does not match your indicated timeline of "around 2/9, 2/10", but I'm mentioning it just in case it's relevant too. Either way, you should make sure your client/code supports "Transfer-Encoding: chunked" and not assume the "Content-Length" response header will be present. Or, switch to HTTP 2, where the "Content-Length" response header should be present.

And here's an example of issuing an HTTP 2 HEAD request to your sample shared link with dl=1, following the redirects as needed:

curl --http2 -L -I "https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=1"

# HTTP/2 301
# cache-control: no-cache,no-cache, no-store
# content-security-policy: sandbox
# location: /s/dl/6djz4es56yb5k1b/SelfExamCardInside.jpg
# referrer-policy: strict-origin-when-cross-origin
# set-cookie:  gvc=ODA0NTgyMjUwODkzMDIyNzYxMTg3OTk2NzQxOTQ2ODAzOTI1NzM%3D; expires=Sun, 14 Feb 2027 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie:  t=Jx21F_-JO4m5XyVKExkRnBdl; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie:  __Host-js_csrf=Jx21F_-JO4m5XyVKExkRnBdl; expires=Fri, 14 Feb 2025 21:17:48 GMT; Path=/; Secure
# set-cookie:  locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:48 GMT; Path=/; Secure
# x-content-type-options: nosniff
# x-frame-options: DENY
# x-permitted-cross-domain-policies: none
# x-robots-tag: noindex, nofollow, noimageindex
# x-xss-protection: 1; mode=block
# content-type: application/json
# accept-encoding: identity,gzip
# date: Tue, 15 Feb 2022 21:17:48 GMT
# server: envoy
# strict-transport-security: max-age=31536000; includeSubDomains
# strict-transport-security: max-age=31536000; includeSubDomains
# strict-transport-security: max-age=31536000; includeSubDomains; preload
# vary: Accept-Encoding
# x-dropbox-response-origin: far_remote
# x-dropbox-request-id: b16df4065f014dacb539f7ad52b3bbd3

# HTTP/2 302
# cache-control: no-cache,no-cache, no-store
# content-security-policy: sandbox
# location: https://uc2f9fd83932de0450cbee424029.dl.dropboxusercontent.com/cd/0/get/BfxcA2zTxJTo5LrkbEe39UmosiBaVTrvGPAHaYq010NELpQHqjSKrDR3EAlaDXvwhyouYTJwEtIbWlLQE5ahLh_ddK9pBKdeeN23bv4EW940HC3S5Q0lY-FjfSlNhQYsrGOyAHrhJX1f3QbdrHCkn_gD/file?dl=1#
# referrer-policy: strict-origin-when-cross-origin
# set-cookie:  gvc=MTAwNjcxMjM5Njk2MDc3NjAwNTcwMzAxODk2NDQ0NTYwMDY2Mjg5; expires=Sun, 14 Feb 2027 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie:  t=JxDzzKM2vKTnPWDaNKcALks_; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie:  __Host-js_csrf=JxDzzKM2vKTnPWDaNKcALks_; expires=Fri, 14 Feb 2025 21:17:48 GMT; Path=/; Secure
# set-cookie:  locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:48 GMT; Path=/; Secure
# x-content-type-options: nosniff
# x-frame-options: DENY
# x-permitted-cross-domain-policies: none
# x-xss-protection: 1; mode=block
# content-type: text/html; charset=utf-8
# accept-encoding: identity,gzip
# date: Tue, 15 Feb 2022 21:17:48 GMT
# server: envoy
# strict-transport-security: max-age=31536000; includeSubDomains
# content-length: 0
# strict-transport-security: max-age=31536000; includeSubDomains
# strict-transport-security: max-age=31536000; includeSubDomains; preload
# x-dropbox-response-origin: far_remote
# x-dropbox-request-id: 928c7e39bf06452487849d9b2b829ec9

# HTTP/2 200
# accept-ranges: bytes
# cache-control: max-age=60
# content-disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
# content-security-policy: sandbox
# etag: 1627768410839975d
# pragma: public
# referrer-policy: no-referrer
# vary: Origin, Accept-Encoding
# x-content-security-policy: sandbox
# x-content-type-options: nosniff
# x-robots-tag: noindex, nofollow, noimageindex
# x-server-response-time: 53
# x-webkit-csp: sandbox
# content-type: application/json
# accept-encoding: identity,gzip
# date: Tue, 15 Feb 2022 21:17:49 GMT
# server: envoy
# strict-transport-security: max-age=31536000; includeSubDomains; preload
# x-robots-tag: noindex, nofollow, noimageindex
# content-length: 4006971
# x-dropbox-response-origin: far_remote
# x-dropbox-request-id: 56b1d0b1766d4f1da255238de98ffd41

In this HTTP 2 sample, the final 200 does have "Content-Length".

---

Greg-DB wrote:

...

In this HTTP 2 sample, the final 200 does have "Content-Length".

---

Just one addition to avoid confusion: There is temporary rollback, that's why "Content-Length" just appear without workaround! 😜 That gonna change at March beginning. 😉

mbvistaprint, you can see in the Greg-DB's post for HTTP/1.1 where X-Dropbox-Content-Length appear and you can use it, temporary at least (it's presence isn't guaranteed).

One more workaround example is usage of Range declaration and getting result out of Range header in response. 3 responses follow with setted "Range: bytes=0-0" (you can see where actual length is and this always works 😉) for HTTP/1.0, HTTP1.1, and mHTTP2:

HTTP/1.0 206 Partial Content
Accept-Ranges: bytes
Cache-Control: max-age=60
Content-Disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
Content-Range: bytes 0-0/4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Content-Security-Policy: sandbox
Etag: 1627768410839975d
Pragma: public
Referrer-Policy: no-referrer
Vary: Origin
X-Content-Security-Policy: sandbox
X-Content-Type-Options: nosniff
X-Dropbox-Content-Length: 1
X-Robots-Tag: noindex, nofollow, noimageindex
X-Webkit-Csp: sandbox
Content-Type: application/binary
Accept-Encoding: identity,gzip
Date: Tue, 15 Feb 2022 21:54:49 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow, noimageindex
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 7daefabda8344260b029b47213fc8d53
Connection: close

HTTP/1.1 206 Partial Content
Accept-Ranges: bytes
Cache-Control: max-age=60
Content-Disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
Content-Range: bytes 0-0/4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Content-Security-Policy: sandbox
Etag: 1627768410839975d
Pragma: public
Referrer-Policy: no-referrer
Vary: Origin
X-Content-Security-Policy: sandbox
X-Content-Type-Options: nosniff
X-Dropbox-Content-Length: 1
X-Robots-Tag: noindex, nofollow, noimageindex
X-Webkit-Csp: sandbox
Content-Type: application/binary
Accept-Encoding: identity,gzip
Date: Tue, 15 Feb 2022 21:54:17 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow, noimageindex
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: cdaf604d28c1485da9bff49ba955defc
Transfer-Encoding: chunked

HTTP/2 206 
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
content-range: bytes 0-0/4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
content-security-policy: sandbox
etag: 1627768410839975d
pragma: public
referrer-policy: no-referrer
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-webkit-csp: sandbox
content-type: application/binary
accept-encoding: identity,gzip
date: Tue, 15 Feb 2022 21:55:06 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 1
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 2b03cfeb681d44da87abed089006e354

Just read and parse "content-range" header, instead "content-length" (the length is part of the range). 😉 This is cross protocol and cross site solution (will work not only for Dropbox). Just take care to ignore "content-length" here! It's obvious but, to mention: since it's a single byte range, the length (wherever you read it) will be fixed to 1 (as you can see above).

Add: Oh.. I forgot! mbvistaprint  What file are you trying to check size on? To the picture that was send to you or to the preview page's HTML file?

---

mbvistaprintwrote:

...

Content-Type: text/html; charset=utf-8

...

---

🤔 Take little bit more care! It's dynamic content and that's why there is not size in advance. Even if you where able to get something, it would be wrong for sure! It's just NOT the desired file. 🙂 Replace the ending "?dl=0" to "?dl=1" or "?raw=1". That's it. 😉 All above examples use "?dl=1" - all but the your.

To elaborate a bit on some of what Здравко was saying, note that in order to temporarily accommodate clients that don’t properly support automatically handling “Transfer-Encoding: chunked”, we’re temporarily rolling back that change, so that these links will no longer use “Transfer-Encoding: chunked” and will instead return “Content-Length” on HTTP/1.1. We will begin rolling that out starting around 2/17. That will be in place until around 3/1. At that point, we will begin using “Transfer-Encoding: chunked” and no longer returning “Content-Length” on HTTP/1.1 again. So, in case that is the issue in your case, going forward, please ensure that your clients are able to automatically handle both chunked encoding and non-chunked encoding automatically.

Thank you!     I will be discussing with my boss this afternoon how we want to handle this and will let him know about the temporary reprieve on this.    Appreciate the help!

-Melissa

Update: the team has been able to complete some further updates to our infrastructure to be able to support the previous non-chunked behavior going forward indefinitely. That means that we plan to continue returning Content-Length (and not 'Transfer-Encoding: chunked') in the future and will not be reverting this as previously planned. (Regardless, for HTTP compatibility in general, we still recommend you make sure your HTTP clients support both types.) Hope this helps!