<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Dropbox API: No CORS header present in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/216306#M11201</link>
    <description>&lt;P&gt;Right. Thanks a lot!&lt;/P&gt;</description>
    <pubDate>Sat, 15 Apr 2017 11:06:29 GMT</pubDate>
    <dc:creator>fa11</dc:creator>
    <dc:date>2017-04-15T11:06:29Z</dc:date>
    <item>
      <title>Dropbox API: No CORS header present</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/215359#M11074</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;I am using the dropbox core API v2 with angularJs web client using $resource and Express REST server to access dropbox. After i moved to $resource from my client instead of $http, I am getting the following CORS error when redirecting to dropbox for OAuth2 authentication as mentioned in the Dropbox OAuth2 guide.&amp;nbsp;&lt;BR /&gt;If i enable a CORS extension for chrome, i don't get this error but the redirect does not happen.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;XMLHttpRequest cannot load &lt;A href="https://www.dropbox.com/oauth2/authorize?client_id=abcedefgh&amp;amp;response…21H3Qhj4DgIgBh5BNCv&amp;amp;redirect_uri=https%3A%2F%2Flocalhost%3A3443%2Fcallback" target="_blank"&gt;https://www.dropbox.com/oauth2/authorize?client_id=...&amp;amp;response…...&amp;amp;redirect_uri=https%3A%2F%2Flocalhost%3A3443%2Fcallback&lt;/A&gt;. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:3443' is therefore not allowed access.&lt;BR /&gt;(the redirect URI is valid as it works in the browser, i've modified the url pasted here to change client id and response for security reasons)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Any insight will be greatly apprecited. Here are snippets of related code:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;PRE&gt;app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", req.headers.origin);
res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
res.header("Access-Control-Allow-Credentials", "true");
res.header("Access-Control-Allow-Headers","Origin, x-access-token, X-Requested-With, Content-Type, Accept, Authorization, X-CSRF-Token, Accept-Version, Content-MD5, Date, X-Api-Version, X-File-Name");
//
//res.header("Access-Control-Allow-Headers",(req.headers['access-control-request-headers']) ? req.headers['access-control-request-headers'] : "x-requested-with");
//intercepts OPTIONS method
if ('OPTIONS' === req.method) {
//respond with 200
res.sendStatus(200);
}
else {
//move on
next();
}
});&lt;/PRE&gt;&lt;P&gt;and&lt;/P&gt;&lt;PRE&gt;var csrfToken = generateCSRFToken();
  req.session.csrf = csrfToken;
  console.log("redirecting to dropbox uri");
  var redirectURl = url.format({
    protocol: 'https',
    hostname: 'www.dropbox.com',
    pathname: 'oauth2/authorize',
    query: {
      client_id: APP_KEY,
      response_type: 'code',
      state: csrfToken,
      redirect_uri: generateRedirectURI(req)
    }
  });
  console.log("rediect uri is "+redirectURl);
  res.redirect(redirectURl);&lt;/PRE&gt;&lt;P&gt;Thanks!&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:23:52 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/215359#M11074</guid>
      <dc:creator>fa11</dc:creator>
      <dc:date>2019-05-29T09:23:52Z</dc:date>
    </item>
    <item>
      <title>Re: Dropbox API: No CORS header present</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/215463#M11092</link>
      <description>&lt;P&gt;I can't offer any insight on using Angular or Express, but based on the error output, which cites&amp;nbsp;XMLHttpRequest, it seems like your setup is trying to make an ajax call to /authorize, instead of sending the user there directly in their browser. The /authorize page is a web page the user needs to interact with directly, not indirectly from another page via JavaScript, so CORS shouldn't come in to play. You'll need to look in to how to configure your web framework to redirect the user normally, as opposed to making a&amp;nbsp;XMLHttpRequest. Apologies I don't have any&amp;nbsp;Angular or Express insight to share for that, but perhaps someone else on the forum does.&lt;/P&gt;</description>
      <pubDate>Mon, 10 Apr 2017 20:21:06 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/215463#M11092</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-04-10T20:21:06Z</dc:date>
    </item>
    <item>
      <title>Re: Dropbox API: No CORS header present</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/216075#M11157</link>
      <description>&lt;P&gt;Hi Greg,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks a lot for your response! Since it seemed to work before (I made some changes to my server), I retracted my changes to my code and now am getting a slightly different version of this error which is as follows. It happens when dropbox tries to redirect to my callback function. It seems like my server refuses to accept the redirect back from dropbox:&lt;BR /&gt;XMLHttpRequest cannot load &lt;A href="https://www.dropbox.com/oauth2/authorize?client_id=...&amp;amp;response…..&amp;amp;redirect_uri=https%3A%2F%2Flocalhost%3A3443%2Fcallback" target="_blank"&gt;https://www.dropbox.com/oauth2/authorize?client_id=...&amp;amp;response…..&amp;amp;redirect_uri=https%3A%2F%2Flocalhost%3A3443%2Fcallback&lt;/A&gt;. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:3443' is therefore not allowed access.&lt;BR /&gt;&lt;BR /&gt;Any ideas? Does your response from before still apply to this case?&amp;nbsp;&lt;BR /&gt;Many thanks for your time.&lt;/P&gt;</description>
      <pubDate>Thu, 13 Apr 2017 23:05:51 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/216075#M11157</guid>
      <dc:creator>fa11</dc:creator>
      <dc:date>2017-04-13T23:05:51Z</dc:date>
    </item>
    <item>
      <title>Re: Dropbox API: No CORS header present</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/216090#M11159</link>
      <description>As far as I can tell, the only difference between the two errors is the redaction, so I don't have any new insight to offer here.</description>
      <pubDate>Fri, 14 Apr 2017 02:04:26 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/216090#M11159</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-04-14T02:04:26Z</dc:date>
    </item>
    <item>
      <title>Re: Dropbox API: No CORS header present</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/216306#M11201</link>
      <description>&lt;P&gt;Right. Thanks a lot!&lt;/P&gt;</description>
      <pubDate>Sat, 15 Apr 2017 11:06:29 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-API-No-CORS-header-present/m-p/216306#M11201</guid>
      <dc:creator>fa11</dc:creator>
      <dc:date>2017-04-15T11:06:29Z</dc:date>
    </item>
  </channel>
</rss>

