Hi, I'm writing to find out if anyone knows of any changes to the Drop Box service around 2/9, 2/10 that may have changed how file information is shared when using the Shared Link. For context, we have customers using our API that use Drop Box to share files with our print service but as of Wednesday this past week the links are no longer working for our service. We're unable to confirm the file size from the shared link. Nothing changed on our customer's side with their sharing and many of these files have been shared with us for years. Other shared files (from Shopify for example) still work with our service so this seems specific to the DropBox shared files. Any ideas what may have changed to cause this? Thanks! -Melissa

Hi mbvistaprint,Let's hope the bug will be fixed soon. I believe staff working on it will follow up on the forum thread referred above on update.Good luck!.. to all of us. 😉

mbvistaprint Can you share a sample value of the "url" variable there for reference? (There are a few different types of links and options so I want to make sure I know exactly what you're using.) Also, based on this, if you're throwing that particular VcsValidationException exception at the bottom that would indicate that the "(response.StatusCode == HttpStatusCode.OK)" check is failing; that is, you're not getting a 200 status code back. Is that correct?

Hi mbvistaprint,From the description you gave to here, seems your environment is using HTTP protocol version less than 2. Dropbox server "keeps strictly" the "chunked" encoding in such a case and it's difficult to turn it off. The mentioned by me above works for HTTP v2, but not in other (in particular not in v1.1) and there "content-length" is still missing! 🤷 Most probably this is your case. Add: As a workaround, you can change a little bit you function and if it misses "content-length", not to fail immediately but check for "X-Dropbox-Content-Length" before - content is the same. Just a small trick. 😉

mbvistaprint wrote:... We're unable to confirm the file size from the shared link. ...Hi mbvistaprint,To be clear what exactly is the problem, you have to provide some example, at least, or describe the way you are using to "confirm the size". Size is reported correctly as always. Nothing has changed recently related to the size (as far as I know).If I have to bet, not the size confirmation itself is your issue. If you are using HEAD request to perform size confirmation and in advance you check file type then yes, there is a change (bug actually). Check exactly what you are doing, where is the error, and post additional info describing this error.Hope this gives direction. Add: Another possible reason, if you are using HTTP protocol version less than 2 together with HEAD request, "chunked" transfer encoding used by Dropbox "encodes" file size within data transfer itself and so not available within a HEAD response (not in the regular way at least). Check for this too. In such a case file size is still available but in "X-Dropbox-Content-Length" response header. 😉

Thank you! You hit the nail on the head. We are in fact making a HEAD request to get the file size so sounds like that could be where we are running into an issue then. Is there anywhere I can check for updates on bug fixes? This is essentially preventing a number of our customers now from placing orders with us and would require a significant effort on their part to move these to another sharing system. Thanks, Melissa

Shared File Link Issues | The Dropbox Community

29 Replies

Replies have been turned off for this discussion

Greg-DB
Dropbox Community Moderator
4 years ago
mbvistaprint That does not appear to be a response from Dropbox itself. Can you share a sample value of the "url" variable that would be used in your code?
mbvistaprint
Helpful | Level 5
4 years ago
Sorry about that... So here's a working HEAD request that returns 200 for us with another Shared Image File:

Request Headers:
Accept:"*/*"
cache-control:"no-cache"
User-Agent:"PostmanRuntime/7.6.0"
Host:"upload.wikimedia.org"
accept-encoding:"gzip, deflate"
content-length:""

Response Headers:
Date:"Mon, 14 Feb 2022 19:56:24 GMT"
Content-Type:"image/gif"
Content-Length:"1789"
X-Object-Meta-Sha1Base36:"j46h21owxa5nvjxzmreodh4vr4rw2a7"
Last-Modified:"Sun, 06 Oct 2013 15:18:28 GMT"
Etag:"792456dc6ed5053432e53ea1aaa2a444"
X-Timestamp:"1381072707.29367"
Server:"ATS/8.0.8"
Age:"105"
X-Cache:"cp1082 miss, cp1086 hit/1"
X-Cache-Status:"hit-front"
Server-Timing:"cache;desc="hit-front", host;desc="cp1086""
Strict-Transport-Security:"max-age=106384710; includeSubDomains; preload"
Report-To:"{ "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }"
NEL:"{ "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}"
Permissions-Policy:"interest-cohort=()"
X-Client-IP:"72.38.236.99"
Access-Control-Allow-Origin:"*"
Access-Control-Expose-Headers:"Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache"
Timing-Allow-Origin:"*"
Accept-Ranges:"bytes"
Connection:"keep-alive"

And here's what we're getting with the same request to dropbox:

HEAD
https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=0
14:59:48.756
Pretty
Raw

Request Headers:
Accept:"*/*"
cache-control:"no-cache"
User-Agent:"PostmanRuntime/7.6.0"
Host:"www.dropbox.com"
cookie:"t=VJO2c4CRFqZizRnH5eTAtdBa; locale=en; gvc=MjQyOTU1MzM4NDQ2MzQzNzgzNjAzMTEwODgzMDY2OTExMDM0NTE5; __Host-js_csrf=VJO2c4CRFqZizRnH5eTAtdBa"
accept-encoding:"gzip, deflate"
content-length:""

Response Headers:
Cache-Control:"no-cache,no-cache, no-store"
Content-Security-Policy:"base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://dropboxconnect.co.uk/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/js/ https://www.dropboxstatic.com/static/js/ https://cfl.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://www.dropboxstatic.com/static/src/dws-ensemble-appshell/ https://cfl.dropboxstatic.com/static/previews/ https://www.dropboxstatic.com/static/previews/ https://cfl.dropboxstatic.com/static/api/ https://www.dropboxstatic.com/static/api/ https://cfl.dropboxstatic.com/static/cms/ https://www.dropboxstatic.com/static/cms/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:"
Referrer-Policy:"strict-origin-when-cross-origin"
Set-Cookie:"__Host-logged-out-session=ChDNFjzU5Y3hv+wpzLJmOiR8ELTpqpAGGi5BQ2NhMWdvc01HbXBJZ3JrcmZUempOT1c4RU54dUR3RE80TzF0U0VSMXdrYUNR; HttpOnly; Path=/; Secure"
X-Content-Type-Options:"nosniff"
X-Frame-Options:"DENY"
X-Permitted-Cross-Domain-Policies:"none"
X-Robots-Tag:"noindex, nofollow, noimageindex"
X-Xss-Protection:"1; mode=block"
Content-Type:"text/html; charset=utf-8"
Accept-Encoding:"identity,gzip"
Date:"Mon, 14 Feb 2022 19:59:48 GMT"
Server:"envoy"

Strict-Transport-Security:
0:"max-age=31536000; includeSubDomains"
1:"max-age=31536000; includeSubDomains"
2:"max-age=31536000; includeSubDomains; preload"
Content-Encoding:"gzip"
Vary:"Accept-Encoding"
X-Dropbox-Response-Origin:"far_remote"
X-Dropbox-Request-Id:"3a7e948775e741d4a99ff8e892df2668"
Transfer-Encoding:"chunked"

Or with DL=1 (no response):

HEAD
https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=1
15:02:27.057
Pretty
Raw
HEAD /s/6djz4es56yb5k1b/SelfExamCardInside.jpg
Accept: */*
cache-control: no-cache
Здравко
Legendary | Level 20
4 years ago
Hi mbvistaprint,
Hah... 😁 One more bug... 🤷 It's definitely not the same like the one I linked to before.
Here as far as I can see Dropbox server gets confused from Accept-Encoding header. You haven't posted you query, but most probably there your web client pushed all supported encodings. What seems confusing to Dropbox (I have no idea why - just bug). Let's hope that will get solved soon.
You can workaround (temporary, at least) by putting within your request a header like:
Accept-Encoding: identity
That's it. 😉
Good luck.

Greg-DB, I have no idea what's going on, but such bugs are "raining" one after other!? Maybe it's asking better QA... 🧐

Edit: mbvistaprint my error. You have posted it. And as expected:
mbvistaprint wrote:
...
accept-encoding:"gzip, deflate"
...
Force replace it! 😉
mbvistaprint
Helpful | Level 5
4 years ago
Thank you Здравко

That definitely got us something. 🙂 So using the identity encoding with the dl=1 url we get back a response at least. However, I'm still not seeing any "content-length"... It's just empty.... though I do see a "X-Dropbox-Content-Length: 4006971" which looks like it's probably the right value... it's just being provided in the way we're expecting.

HEAD /s/6djz4es56yb5k1b/SelfExamCardInside.jpg
Accept: */*
Accept-Encoding: identity
cache-control: no-cache
User-Agent: PostmanRuntime/7.6.0
cookie: t=VJO2c4CRFqZizRnH5eTAtdBa; locale=en; gvc=MjQyOTU1MzM4NDQ2MzQzNzgzNjAzMTEwODgzMDY2OTExMDM0NTE5; __Host-js_csrf=VJO2c4CRFqZizRnH5eTAtdBa; __Host-logged-out-session=ChDNFjzU5Y3hv+wpzLJmOiR8ELTpqpAGGi5BQ2NhMWdvc01HbXBJZ3JrcmZUempOT1c4RU54dUR3RE80TzF0U0VSMXdrYUNR
referer: https://www.dropbox.com/s/dl/6djz4es56yb5k1b/SelfExamCardInside.jpg
content-length:

HTTP/1.1 200
status: 200
Accept-Ranges: bytes
Cache-Control: max-age=60
Content-Disposition: attachment; filename="SelfExamCardInside.jpg"; filename*=UTF-8''SelfExamCardInside.jpg
Content-Security-Policy: sandbox
Etag: 1627768410839975d
Pragma: public
Referrer-Policy: no-referrer
Vary: Origin, Accept-Encoding
X-Content-Security-Policy: sandbox
X-Content-Type-Options: nosniff
X-Dropbox-Content-Length: 4006971
X-Robots-Tag: noindex, nofollow, noimageindex
X-Robots-Tag: noindex, nofollow, noimageindex
X-Server-Response-Time: 21
X-Webkit-Csp: sandbox
Content-Type: application/json
Accept-Encoding: identity,gzip
Date: Mon, 14 Feb 2022 21:32:54 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 0ae641141a2b4668a508979c25c6bd29
Transfer-Encoding: chunked

-Melissa
Greg-DB
Dropbox Community Moderator
4 years ago
mbvistaprint You mentioned both "dl=0" and "dl=1". For clarity, which one are you actually using in your app? For reference, using "dl=0" would only give you the HTML preview page, not the actual file, so that's presumably not what you want. Using "dl=1" would give you the actual file, but would require the client follow one or more redirects first.

It's not clear why you're not getting a response though, and I can't reproduce that. I just tried a HEAD request on your sample link with "dl=1" sending the same request headers you specified for that one and I do get the expected redirects and successful response (that is, a 301, then a 302, then a 200).
Здравко
Legendary | Level 20
4 years ago
Greg-DB wrote:
... I just tried a HEAD request on your sample link with "dl=1" sending the same request headers you specified for that one and I do get the expected redirects and successful response (that is, a 301, then a 302, then a 200).
Hmm... 🤔 And what about the "content-length" with "the same request headers"? Take a look! Repeat again without gzip. 🙂
mbvistaprint
Helpful | Level 5
4 years ago
Hi,

When I test this in Postman I can only get a response when adding the "Accept-Encoding: Identity" parameter. But even still I don't get a content-length returned.

-Melissa

Здравко

Legendary | Level 20

4 years ago

Hmm... In such a case I'm up to here. In my test when transfer encoding is off (i.e. set to Identity) "content-length" comes up:

x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 46
x-webkit-csp: sandbox
content-type: application/json
accept-encoding: identity,gzip
date: Mon, 14 Feb 2022 22:19:20 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4006971 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 6be667e7c1b0467f85be55d383b06557

Just a subset of the response.

Greg-DB
Dropbox Community Moderator
4 years ago
Здравко Thanks. Just to clarify, I was referring to this portion in particular, which didn't indicate any of that:

mbvistaprint wrote:

HEAD

https://www.dropbox.com/s/6djz4es56yb5k1b/SelfExamCardInside.jpg?dl=1

15:02:27.057

Pretty

Raw

HEAD /s/6djz4es56yb5k1b/SelfExamCardInside.jpg

Accept: */*

cache-control: no-cache
Greg-DB
Dropbox Community Moderator
4 years ago
mbvistaprint Please note that using Postman may not accurately represent what your actual app itself is doing. For instance, it may be using a different version of HTTP itself (the Dropbox servers support both HTTP 1.1 and 2), etc. In any case, we can't provide support for Postman itself, so in case Postman is introducing any complications, please post the full raw HTTP request and response, where applicable for whatever exactly is causing issues for your app. For example, using curl may be more direct.

Forum Discussion

Shared File Link Issues

29 Replies

About Dropbox API Support & Feedback

Related Content

Issues with downloading big files through a shared link

Issues when trying to download files from shared links.

Having issue opening my C4D files on a shared server.

Force render issues (raw=1) and shared links won't work for hosting.

Dropbox Plus Probleme / Upgrading Issues

Recent Discussions

Shared Link - Download in .NET

Dropbox API server root certificate changes for .Net

GetCurrentAccountAsync API Failing for some Team Members while using Impersonation

Find DBID on Local PC

How to replace a non-existent permanent token? Any auto-refresh alternative for automation?