<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Direct link for file download in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372256#M20968</link>
    <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1219561"&gt;@Ashu7878&lt;/a&gt;&amp;nbsp;The domain is the same for all users from all countries. I just can't promise that it won't change in the future.&lt;/P&gt;
&lt;P&gt;In general though, there isn't a way to verify the source of the link since it is shared locally in JavaScript in the client, and the client can't be trusted (since it is under the control of the user, who may or may not be malicious). If you have any general web security questions, I&amp;nbsp;recommend reaching out to a security professional.&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Thu, 17 Oct 2019 18:08:15 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2019-10-17T18:08:15Z</dc:date>
    <item>
      <title>Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/371734#M20957</link>
      <description>&lt;P&gt;Hello All,&lt;/P&gt;
&lt;P&gt;I am new here and new to Dropbox integration. In my application we use chooser to select the files from end-user's dropbox account. When the user selects a file, the response contains a download url which is something like this -&amp;nbsp;&lt;A href="https://dl.dropboxusercontent.com/1/view/uziu191sh0ilvkq/Get%20Started%20with%20Dropbox.pdf" target="_blank" rel="noopener"&gt;https://dl.dropboxusercontent.com/1/view/uziu191sh0ilvkq/Get%20Started%20with%20Dropbox.pdf&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Now my problem is that, if this request is intercepted by someone and they change this url, it lets user to upload the the file from other source. This is wrong behaviour. I want to restrict user to upload files only from Dropbox. So wanted to know if the domain name used in above example ("dl.dropboxusercontent.com") will always be same irrespective of end-user's country. If this domain is same we can match this as a pattern in backend and discard all other requests.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Has anyone faced this kind of problem before and any help on how to solve it would be helpful.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thank you in advance.&amp;nbsp;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 18 Mar 2020 09:22:04 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/371734#M20957</guid>
      <dc:creator>Ashu7878</dc:creator>
      <dc:date>2020-03-18T09:22:04Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/371741#M20958</link>
      <description>&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;Hey &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1219561"&gt;@Ashu7878&lt;/a&gt;, welcome aboard!&amp;nbsp;&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;Following-up from what you’re describing us, I’m wondering whether your inquiry pertains to how you could &lt;/SPAN&gt;&lt;SPAN class="attrlink url author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;&lt;A class="attrlink" href="https://www.dropbox.com/developers/documentation/http/documentation" target="_blank" rel="noreferrer nofollow noopener" data-target-href="https://www.dropbox.com/developers/documentation/http/documentation"&gt;integrate Dropbox&lt;/A&gt;&lt;/SPAN&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt; with an app you’re developing or you’re referring to a specific integration that you’ve incorporated in your workflow.&amp;nbsp;&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;Would you mind clarifying this point for me, as this would lead us to the best next steps?&amp;nbsp;&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;Thanks in advance!&lt;/SPAN&gt;&lt;/DIV&gt;</description>
      <pubDate>Tue, 15 Oct 2019 21:57:31 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/371741#M20958</guid>
      <dc:creator>Jane</dc:creator>
      <dc:date>2019-10-15T21:57:31Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/371742#M20959</link>
      <description>&lt;P&gt;Hi Jane,&amp;nbsp;&lt;/P&gt;&lt;P&gt;Sorry for the confusion. I am&amp;nbsp;&lt;SPAN&gt;referring to a specific dropbox integration that I have incorporated in the workflow.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 15 Oct 2019 21:59:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/371742#M20959</guid>
      <dc:creator>Ashu7878</dc:creator>
      <dc:date>2019-10-15T21:59:43Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372042#M20960</link>
      <description>&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;Thank for clarifying &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1219561"&gt;@Ashu7878&lt;/a&gt;!&amp;nbsp;&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;As you mentioned that you’re using an existing integration with Dropbox, I’d appreciate it if you could specify which one it is in your next message. Are you using&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN class="attrlink url author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;&lt;A class="attrlink" href="https://help.dropbox.com/files-folders/share/create-file-request" target="_blank" rel="noreferrer nofollow noopener" data-target-href="https://help.dropbox.com/files-folders/share/create-file-request"&gt;File Requests&lt;/A&gt;&lt;/SPAN&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt; to collect the files by any chance? If so, then anyone with the link should be able to upload, however you can close it at any time when you'd like to stop receiving files.&amp;nbsp;&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;Incidentally, have you by any chance run into this issue? If that’s happened, I’d like to replicate &amp;amp; see if I’m getting the same results on my end, so it would be very helpful if you described me what’s led you to this in as much detail as possible.&amp;nbsp;&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN class=" author-d-iz88z86z86za0dz67zz78zz78zz74zz68zjz80zz71z9iz90za3z66zsz65z7gz85zz86zz70zz79zz80z3z85z6z87ziz78zz83zigfz86zz80z5z80zblcz70zz86z"&gt;I look forward to hearing back from you!&lt;/SPAN&gt;&lt;/DIV&gt;</description>
      <pubDate>Wed, 16 Oct 2019 20:16:49 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372042#M20960</guid>
      <dc:creator>Jane</dc:creator>
      <dc:date>2019-10-16T20:16:49Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372068#M20961</link>
      <description>&lt;P&gt;Hi Jane,&amp;nbsp;&lt;/P&gt;&lt;P&gt;I am not using the&amp;nbsp;&lt;A href="https://help.dropbox.com/files-folders/share/create-file-request" target="_blank" rel="noreferrer noopener noopener noreferrer"&gt;File Requests&lt;/A&gt;&amp;nbsp;integration. The integration is to download the files from Dropbox account. I am not sure what is the name of the integration as this is legacy code but we allow user to login to his dropbox account and select a file that he wishes to upload to our his account for our application. Once he selects a file from his dropbox account, I get direct download URL like this -&amp;nbsp;&lt;A href="https://dl.dropboxusercontent.com/1/view/uziu191sh0ilvkq/Get%20Started%20with%20Dropbox.pdf" target="_blank" rel="nofollow noopener noreferrer"&gt;https://dl.dropboxusercontent.com/1/view/uziu191sh0ilvkq/Get%20Started%20with%20Dropbox.pdf&lt;/A&gt;&amp;nbsp;using which I download the file contents and upload to user's account.&amp;nbsp;&lt;/P&gt;&lt;P&gt;Please let me know if you have a support group alias where I can create a query for the issue we are facing. Our application has buisness integration with DropBox.&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;Aasawari&lt;/P&gt;</description>
      <pubDate>Wed, 16 Oct 2019 22:22:07 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372068#M20961</guid>
      <dc:creator>Ashu7878</dc:creator>
      <dc:date>2019-10-16T22:22:07Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372105#M20962</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/330246"&gt;@Jane&lt;/a&gt;,&amp;nbsp;the integration that Ashu is referring to is &lt;A href="https://www.dropbox.com/developers/chooser" target="_blank"&gt;Chooser&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1219561"&gt;@Ashu7878&lt;/a&gt;,&amp;nbsp;you probably want to post this in the Developer section of the forums.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://www.dropboxforum.com/t5/API-Support-Feedback/bd-p/101000014" target="_blank"&gt;https://www.dropboxforum.com/t5/API-Support-Feedback/bd-p/101000014&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;I'll move the thread over there.&lt;/P&gt;</description>
      <pubDate>Thu, 17 Oct 2019 01:56:57 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372105#M20962</guid>
      <dc:creator>Rich</dc:creator>
      <dc:date>2019-10-17T01:56:57Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372204#M20966</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1219561"&gt;@Ashu7878&lt;/a&gt;&amp;nbsp;Right now, the direct links returned by the&amp;nbsp;Dropbox Chooser are always on&amp;nbsp;dl.dropboxusercontent.com, but that isn't officially documented or guaranteed, so I can't promise that won't change.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'll pass this along as a request to officially document/guarantee that,&amp;nbsp;but I can't say if or when that might be done.&lt;/P&gt;</description>
      <pubDate>Thu, 17 Oct 2019 13:39:06 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372204#M20966</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-17T13:39:06Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372255#M20967</link>
      <description>&lt;P&gt;Hi Greg,&amp;nbsp;&lt;/P&gt;&lt;P&gt;The direct link domain is going to be same (which is&amp;nbsp;&lt;SPAN&gt;dl.dropboxusercontent.com&lt;/SPAN&gt;) for all the countries from where user accesses dropbox account or it will change? What I mean is if user accesses it from uk will it change to something like this -&amp;nbsp;&lt;SPAN&gt;dl.dropboxusercontent.co.uk ? We have user's across globe who will be accessing this.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Also the problem I am trying to solve here is not about the domain name but more of how to verify that source of direct link is from DropBox in the request. If a malicious user intercepts the request and modifies the direct link in the request, a different file will be uploaded.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;I would love to know how some of other people here who use DropBox chooser have solved this kind of problem.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 17 Oct 2019 18:00:03 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372255#M20967</guid>
      <dc:creator>Ashu7878</dc:creator>
      <dc:date>2019-10-17T18:00:03Z</dc:date>
    </item>
    <item>
      <title>Re: Direct link for file download</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372256#M20968</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1219561"&gt;@Ashu7878&lt;/a&gt;&amp;nbsp;The domain is the same for all users from all countries. I just can't promise that it won't change in the future.&lt;/P&gt;
&lt;P&gt;In general though, there isn't a way to verify the source of the link since it is shared locally in JavaScript in the client, and the client can't be trusted (since it is under the control of the user, who may or may not be malicious). If you have any general web security questions, I&amp;nbsp;recommend reaching out to a security professional.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 17 Oct 2019 18:08:15 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Direct-link-for-file-download/m-p/372256#M20968</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-17T18:08:15Z</dc:date>
    </item>
  </channel>
</rss>

