Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Shared File Link Issues
Hi,
I'm writing to find out if anyone knows of any changes to the Drop Box service around 2/9, 2/10 that may have changed how file information is shared when using the Shared Link. For con...
So we've been unable to get content-length on our side no matter what we try. Tried with HTTP 1.1 and HTTP 2.0 and still not seeing it. Tried also using Fiddler and still nothing. Still working fine with other file sharing. Here's another example response:
HTTP/1.0 200 OK
Cache-Control: no-cache,no-cache, no-store
Content-Security-Policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://dropboxconnect.co.uk/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/js/ https://www.dropboxstatic.com/static/js/ https://cfl.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://www.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://cfl.dropboxstatic.com/static/previews/ https://www.dropboxstatic.com/static/previews/ https://cfl.dropboxstatic.com/static/api/ https://www.dropboxstatic.com/static/api/ https://cfl.dropboxstatic.com/static/cms/ https://www.dropboxstatic.com/static/cms/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: gvc=MTY4NTY0NDYyNjkyNzM1NjI5MjAwNTM4MzExNjYyNjI2Njc4NTEz; expires=Sun, 14 Feb 2027 20:54:07 GMT; HttpOnly; Path=/; Secure
Set-Cookie: t=-MrIOkyMq0d6uNvgJRxYZIQM; Domain=dropbox.com; expires=Fri, 14 Feb 2025 20:54:07 GMT; HttpOnly; Path=/; Secure
Set-Cookie: __Host-js_csrf=-MrIOkyMq0d6uNvgJRxYZIQM; expires=Fri, 14 Feb 2025 20:54:07 GMT; Path=/; Secure
Set-Cookie: locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 20:54:07 GMT; Path=/; Secure
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow, noimageindex
X-Xss-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Accept-Encoding: identity,gzip
Date: Tue, 15 Feb 2022 20:54:07 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: cb80f1a2c16145c499b899bae4ca5d53
Connection: close
I would love to know what you are doing to get the content-length returned.
-Melissa
Greg-DB
Dropbox Community Moderator
Dropbox Community Moderatormbvistaprint Is the lack of "Content-Length" specifically what is breaking your app? Earlier, based on the code and description you shared, you indicated it was the lack of a successful response at all. Please share a specific description of what exactly your app is expecting but not getting so we can advise accordingly.
Looking at your latest message though, the output you shared is actually for HTTP 1.0, not 1.1 or 2. (The version is shown in the status line at the top.)
Here's an example of issuing an HTTP 1.1 HEAD request to your sample shared link with dl=1, following the redirects as needed:
curl --http1.1 -L -I "https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=1"
# HTTP/1.1 301 Moved Permanently
# Cache-Control: no-cache,no-cache, no-store
# Content-Security-Policy: sandbox
# Location: /s/dl/6djz4es56yb5k1b/SelfExamCardInside.jpg
# Referrer-Policy: strict-origin-when-cross-origin
# Set-Cookie: gvc=MTEwMTM0NzQxODg3NzM1NDI4MTMxODMxMTA3ODY5MjI0NDMwNDk3; expires=Sun, 14 Feb 2027 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie: t=kc60u2VDGQuhMrg-OFfSk3G-; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie: __Host-js_csrf=kc60u2VDGQuhMrg-OFfSk3G-; expires=Fri, 14 Feb 2025 21:17:36 GMT; Path=/; Secure
# Set-Cookie: locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:36 GMT; Path=/; Secure
# X-Content-Type-Options: nosniff
# X-Frame-Options: DENY
# X-Permitted-Cross-Domain-Policies: none
# X-Robots-Tag: noindex, nofollow, noimageindex
# X-Xss-Protection: 1; mode=block
# Content-Type: application/json
# Accept-Encoding: identity,gzip
# Date: Tue, 15 Feb 2022 21:17:35 GMT
# Server: envoy
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# Vary: Accept-Encoding
# X-Dropbox-Response-Origin: far_remote
# X-Dropbox-Request-Id: 9adf0f41c3454f2c98811d31fc7e19b9
# Transfer-Encoding: chunked
# HTTP/1.1 302 Found
# Cache-Control: no-cache,no-cache, no-store
# Content-Security-Policy: sandbox
# Location: https://uc42002d460e64d8995b662a9768.dl.dropboxusercontent.com/cd/0/get/BfyapoZo5IxC920UOu6h5vFCMCJNlBhH8wkm4Qh_kPzwOfg2T7qoyyTga49Zj5VR3ps4LvxeHfk4ROsUS8zfy1lRsjGqoNZPV5EHKSydB6WUn0y1jyUbJ2-PMYFQ-o2MSIRZ5pcGhdmdcjClsPZ07zv9/file?dl=1#
# Referrer-Policy: strict-origin-when-cross-origin
# Set-Cookie: gvc=MjE1NTE0NDk0MTc1NTg0NDAzNjcwMDAwNjc5NDg2MTMyOTc2OTM0; expires=Sun, 14 Feb 2027 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie: t=_OwvMXr3mSQ662WoKKaHkTWO; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:36 GMT; HttpOnly; Path=/; Secure
# Set-Cookie: __Host-js_csrf=_OwvMXr3mSQ662WoKKaHkTWO; expires=Fri, 14 Feb 2025 21:17:36 GMT; Path=/; Secure
# Set-Cookie: locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:36 GMT; Path=/; Secure
# X-Content-Type-Options: nosniff
# X-Frame-Options: DENY
# X-Permitted-Cross-Domain-Policies: none
# X-Xss-Protection: 1; mode=block
# Content-Type: text/html; charset=utf-8
# Accept-Encoding: identity,gzip
# Date: Tue, 15 Feb 2022 21:17:36 GMT
# Server: envoy
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Content-Length: 0
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# X-Dropbox-Response-Origin: far_remote
# X-Dropbox-Request-Id: ecb8ad9b877e47d9aadb601523e9e7b2
# HTTP/1.1 200 OK
# Accept-Ranges: bytes
# Cache-Control: max-age=60
# Content-Disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
# Content-Security-Policy: sandbox
# Etag: 1627768410839975d
# Pragma: public
# Referrer-Policy: no-referrer
# Vary: Origin, Accept-Encoding
# X-Content-Security-Policy: sandbox
# X-Content-Type-Options: nosniff
# X-Dropbox-Content-Length: 4006971
# X-Robots-Tag: noindex, nofollow, noimageindex
# X-Server-Response-Time: 51
# X-Webkit-Csp: sandbox
# Content-Type: application/json
# Accept-Encoding: identity,gzip
# Date: Tue, 15 Feb 2022 21:17:37 GMT
# Server: envoy
# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# X-Robots-Tag: noindex, nofollow, noimageindex
# X-Dropbox-Response-Origin: far_remote
# X-Dropbox-Request-Id: 494840e37c074743952da89f16af345f
# Transfer-Encoding: chunked
In this HTTP 1.1 sample, you can see the final 200 does not have "Content-Length", because it is using "Transfer-Encoding: chunked" instead. Note that Dropbox does not guarantee that the "Content-Length" HTTP response header will always be present on the responses for these URLs over HTTP 1.1 though. For example, when the server is using "Transfer-Encoding: chunked" for the response, "Content-Length" is omitted. While the Dropbox servers use the HTTP protocol, exactly which features they use may change over time. In this case, server updates were in late January to use 'Transfer-Encoding: chunked' for HTTP 1.1 requests to these links. That does not match your indicated timeline of "around 2/9, 2/10", but I'm mentioning it just in case it's relevant too. Either way, you should make sure your client/code supports "Transfer-Encoding: chunked" and not assume the "Content-Length" response header will be present. Or, switch to HTTP 2, where the "Content-Length" response header should be present.
And here's an example of issuing an HTTP 2 HEAD request to your sample shared link with dl=1, following the redirects as needed:
curl --http2 -L -I "https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=1"
# HTTP/2 301
# cache-control: no-cache,no-cache, no-store
# content-security-policy: sandbox
# location: /s/dl/6djz4es56yb5k1b/SelfExamCardInside.jpg
# referrer-policy: strict-origin-when-cross-origin
# set-cookie: gvc=ODA0NTgyMjUwODkzMDIyNzYxMTg3OTk2NzQxOTQ2ODAzOTI1NzM%3D; expires=Sun, 14 Feb 2027 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie: t=Jx21F_-JO4m5XyVKExkRnBdl; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie: __Host-js_csrf=Jx21F_-JO4m5XyVKExkRnBdl; expires=Fri, 14 Feb 2025 21:17:48 GMT; Path=/; Secure
# set-cookie: locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:48 GMT; Path=/; Secure
# x-content-type-options: nosniff
# x-frame-options: DENY
# x-permitted-cross-domain-policies: none
# x-robots-tag: noindex, nofollow, noimageindex
# x-xss-protection: 1; mode=block
# content-type: application/json
# accept-encoding: identity,gzip
# date: Tue, 15 Feb 2022 21:17:48 GMT
# server: envoy
# strict-transport-security: max-age=31536000; includeSubDomains
# strict-transport-security: max-age=31536000; includeSubDomains
# strict-transport-security: max-age=31536000; includeSubDomains; preload
# vary: Accept-Encoding
# x-dropbox-response-origin: far_remote
# x-dropbox-request-id: b16df4065f014dacb539f7ad52b3bbd3
# HTTP/2 302
# cache-control: no-cache,no-cache, no-store
# content-security-policy: sandbox
# location: https://uc2f9fd83932de0450cbee424029.dl.dropboxusercontent.com/cd/0/get/BfxcA2zTxJTo5LrkbEe39UmosiBaVTrvGPAHaYq010NELpQHqjSKrDR3EAlaDXvwhyouYTJwEtIbWlLQE5ahLh_ddK9pBKdeeN23bv4EW940HC3S5Q0lY-FjfSlNhQYsrGOyAHrhJX1f3QbdrHCkn_gD/file?dl=1#
# referrer-policy: strict-origin-when-cross-origin
# set-cookie: gvc=MTAwNjcxMjM5Njk2MDc3NjAwNTcwMzAxODk2NDQ0NTYwMDY2Mjg5; expires=Sun, 14 Feb 2027 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie: t=JxDzzKM2vKTnPWDaNKcALks_; Domain=dropbox.com; expires=Fri, 14 Feb 2025 21:17:48 GMT; HttpOnly; Path=/; Secure
# set-cookie: __Host-js_csrf=JxDzzKM2vKTnPWDaNKcALks_; expires=Fri, 14 Feb 2025 21:17:48 GMT; Path=/; Secure
# set-cookie: locale=en; Domain=dropbox.com; expires=Sun, 14 Feb 2027 21:17:48 GMT; Path=/; Secure
# x-content-type-options: nosniff
# x-frame-options: DENY
# x-permitted-cross-domain-policies: none
# x-xss-protection: 1; mode=block
# content-type: text/html; charset=utf-8
# accept-encoding: identity,gzip
# date: Tue, 15 Feb 2022 21:17:48 GMT
# server: envoy
# strict-transport-security: max-age=31536000; includeSubDomains
# content-length: 0
# strict-transport-security: max-age=31536000; includeSubDomains
# strict-transport-security: max-age=31536000; includeSubDomains; preload
# x-dropbox-response-origin: far_remote
# x-dropbox-request-id: 928c7e39bf06452487849d9b2b829ec9
# HTTP/2 200
# accept-ranges: bytes
# cache-control: max-age=60
# content-disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
# content-security-policy: sandbox
# etag: 1627768410839975d
# pragma: public
# referrer-policy: no-referrer
# vary: Origin, Accept-Encoding
# x-content-security-policy: sandbox
# x-content-type-options: nosniff
# x-robots-tag: noindex, nofollow, noimageindex
# x-server-response-time: 53
# x-webkit-csp: sandbox
# content-type: application/json
# accept-encoding: identity,gzip
# date: Tue, 15 Feb 2022 21:17:49 GMT
# server: envoy
# strict-transport-security: max-age=31536000; includeSubDomains; preload
# x-robots-tag: noindex, nofollow, noimageindex
# content-length: 4006971
# x-dropbox-response-origin: far_remote
# x-dropbox-request-id: 56b1d0b1766d4f1da255238de98ffd41
In this HTTP 2 sample, the final 200 does have "Content-Length".
Greg-DB wrote:...
In this HTTP 2 sample, the final 200 does have "Content-Length".
Just one addition to avoid confusion: There is temporary rollback, that's why "Content-Length" just appear without workaround! 😜 That gonna change at March beginning. 😉
mbvistaprint, you can see in the Greg-DB's post for HTTP/1.1 where X-Dropbox-Content-Length appear and you can use it, temporary at least (it's presence isn't guaranteed).
One more workaround example is usage of Range declaration and getting result out of Range header in response. 3 responses follow with setted "Range: bytes=0-0" (you can see where actual length is and this always works 😉) for HTTP/1.0, HTTP1.1, and mHTTP2:
HTTP/1.0 206 Partial Content Accept-Ranges: bytes Cache-Control: max-age=60 Content-Disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg Content-Range: bytes 0-0/4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Content-Security-Policy: sandbox Etag: 1627768410839975d Pragma: public Referrer-Policy: no-referrer Vary: Origin X-Content-Security-Policy: sandbox X-Content-Type-Options: nosniff X-Dropbox-Content-Length: 1 X-Robots-Tag: noindex, nofollow, noimageindex X-Webkit-Csp: sandbox Content-Type: application/binary Accept-Encoding: identity,gzip Date: Tue, 15 Feb 2022 21:54:49 GMT Server: envoy Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Robots-Tag: noindex, nofollow, noimageindex X-Dropbox-Response-Origin: far_remote X-Dropbox-Request-Id: 7daefabda8344260b029b47213fc8d53 Connection: close HTTP/1.1 206 Partial Content Accept-Ranges: bytes Cache-Control: max-age=60 Content-Disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg Content-Range: bytes 0-0/4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Content-Security-Policy: sandbox Etag: 1627768410839975d Pragma: public Referrer-Policy: no-referrer Vary: Origin X-Content-Security-Policy: sandbox X-Content-Type-Options: nosniff X-Dropbox-Content-Length: 1 X-Robots-Tag: noindex, nofollow, noimageindex X-Webkit-Csp: sandbox Content-Type: application/binary Accept-Encoding: identity,gzip Date: Tue, 15 Feb 2022 21:54:17 GMT Server: envoy Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Robots-Tag: noindex, nofollow, noimageindex X-Dropbox-Response-Origin: far_remote X-Dropbox-Request-Id: cdaf604d28c1485da9bff49ba955defc Transfer-Encoding: chunked HTTP/2 206 accept-ranges: bytes cache-control: max-age=60 content-disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg content-range: bytes 0-0/4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< content-security-policy: sandbox etag: 1627768410839975d pragma: public referrer-policy: no-referrer vary: Origin x-content-security-policy: sandbox x-content-type-options: nosniff x-robots-tag: noindex, nofollow, noimageindex x-webkit-csp: sandbox content-type: application/binary accept-encoding: identity,gzip date: Tue, 15 Feb 2022 21:55:06 GMT server: envoy strict-transport-security: max-age=31536000; includeSubDomains; preload x-robots-tag: noindex, nofollow, noimageindex content-length: 1 x-dropbox-response-origin: far_remote x-dropbox-request-id: 2b03cfeb681d44da87abed089006e354
Just read and parse "content-range" header, instead "content-length" (the length is part of the range). 😉 This is cross protocol and cross site solution (will work not only for Dropbox). Just take care to ignore "content-length" here! It's obvious but, to mention: since it's a single byte range, the length (wherever you read it) will be fixed to 1 (as you can see above).
Add: Oh.. I forgot! mbvistaprint What file are you trying to check size on? To the picture that was send to you or to the preview page's HTML file?
mbvistaprintwrote:...
Content-Type: text/html; charset=utf-8
...
🤔 Take little bit more care! It's dynamic content and that's why there is not size in advance. Even if you where able to get something, it would be wrong for sure! It's just NOT the desired file. 🙂 Replace the ending "?dl=0" to "?dl=1" or "?raw=1". That's it. 😉 All above examples use "?dl=1" - all but the your.
- Greg-DB
To elaborate a bit on some of what Здравко was saying, note that in order to temporarily accommodate clients that don’t properly support automatically handling “Transfer-Encoding: chunked”, we’re temporarily rolling back that change, so that these links will no longer use “Transfer-Encoding: chunked” and will instead return “Content-Length” on HTTP/1.1. We will begin rolling that out starting around 2/17. That will be in place until around 3/1. At that point, we will begin using “Transfer-Encoding: chunked” and no longer returning “Content-Length” on HTTP/1.1 again. So, in case that is the issue in your case, going forward, please ensure that your clients are able to automatically handle both chunked encoding and non-chunked encoding automatically.
Thank you! I will be discussing with my boss this afternoon how we want to handle this and will let him know about the temporary reprieve on this. Appreciate the help!
-Melissa
- Greg-DB
Update: the team has been able to complete some further updates to our infrastructure to be able to support the previous non-chunked behavior going forward indefinitely. That means that we plan to continue returning Content-Length (and not 'Transfer-Encoding: chunked') in the future and will not be reverting this as previously planned. (Regardless, for HTTP compatibility in general, we still recommend you make sure your HTTP clients support both types.) Hope this helps!
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
