
Embedder error on iPhone browsers

moosterbaan
Helpful | Level 6

I am using the Dropbox Embedder on my website. It works as expected except on iPhone devices. I have tried it on two different iPhones using the Safari, Chrome, and Firefox apps and they all have the same result:


When the page loads, there is a message shown asking the user to allow cookies. Tapping the Allow Cookies button seems to reload the embedder, but the message is always shown. I have tried checking the settings of the browser apps, but there is no setting to turn cookies on or off. I also tried deleting cached files and cookies in the browser. This was at one point working on iPhones, but I was just told that it stopped about 1 month ago.

Below is the message that is logged in the console:

 

www.dropbox.com/log/telemetry:1 POST https://www.dropbox.com/log/telemetry 403
Unrecognized Content-Security-Policy directive 'worker-src'.

add_events:1 POST https://www.dropbox.com/2/event_logging/add_events?t=nkgw44qiKE1BDJTFf2rFy53gUP6WMLFqsUeGPH8-oJM 401
add_events:1 POST https://www.dropbox.com/2/event_logging/add_events?t=nkgw44qiKE1BDJTFf2rFy53gUP6WMLFqsUeGPH8-oJM 401
www.dropbox.com/2/client_metrics/record:1 POST https://www.dropbox.com/2/client_metrics/record 401
www.dropbox.com/2/users/get_current_account:1 POST https://www.dropbox.com/2/users/get_current_account 401
www.dropbox.com/2/previews/get_preview_data_batch:1 POST https://www.dropbox.com/2/previews/get_preview_data_batch 401
www.dropbox.com/dropins/log_event:1 POST https://www.dropbox.com/dropins/log_event 403
www.dropbox.com/dropins/log_event:1 POST https://www.dropbox.com/dropins/log_event 403
www.dropbox.com/2/previews/get_preview_data_batch:1 POST https://www.dropbox.com/2/previews/get_preview_data_batch 401
www.dropbox.com/log/telemetry:1 POST https://www.dropbox.com/log/telemetry 403

 


Greg-DB
Dropbox Staff

Thanks for the report. For reference, can you let me know:

  • Do you have the "Prevent Cross-Site Tracking" setting in Settings.app > Safari enabled?
  • Are you placing the Embedder inside an iframe?

moosterbaan
Helpful | Level 6
  • Prevent Cross-Site Tracking was enabled by default. I tried disabling it, clearing the data, and closing Safari, then trying it again. The result was the same.
  • No, I am not using an iframe. Below is my relevant code:
    <html>
    <head runat="server">
        <script type="text/javascript" src="https://www.dropbox.com/static/api/2/dropins.js" id="dropboxjs" data-app-key="myKey"></script>
    </head>
    <body>
        <form runat="server">
            <div class="row-container">
                <a id="theFrame" class="row" style="height: 100%"></a>
            </div>
        </form>
    </body>
    </html>
    <script type="text/javascript">
        let urlParams = new URLSearchParams(window.location.search);
        if (urlParams.has('Link')) {
            let element = document.getElementById('theFrame');
            Dropbox.embed({ link: link }, element);
        }
    </script>

Greg-DB
Dropbox Staff

Thanks for the additional information. I just tried reproducing this with that code, and it only reproduces for me with "Prevent Cross-Site Tracking" enabled (and works fine with it disabled).

 

Please try this sample I just put up with this code (though I had to add a missing "link" definition): https://zealous-beaver-5f8cdb.netlify.app/?Link=https://www.dropbox.com/s/u0bdwmkjmqld9l2/dbx-suppor...

 

Let me know if you see the same behavior with that, where it fails both with and without "Prevent Cross-Site Tracking" enabled.

moosterbaan
Helpful | Level 6

Thanks for the reply. I disabled "Prevent Cross-Site Tracking" and can confirm that it works in Safari. However, it does not work in the Chrome app, even with Prevent Cross-Site Tracking disabled.

It seems like there should be a better solution than having to tell every user that they need to change their settings and only use Safari?

Greg-DB
Dropbox Staff

Yes, ideally we'll be able to resolve this on our side, but we just want to make sure we're reproducing exactly the issue you're reporting.

 

So, to be clear, if I understand your messages correctly, the issue does not appear on my sample site for you when you have "Prevent Cross-Site Tracking" disabled, but does still appear on your site for you even with "Prevent Cross-Site Tracking" disabled. Is that correct? If so, can you share a sample page that reproduces the issue even with "Prevent Cross-Site Tracking" disabled?

 

(Also, interestingly, the issue does not reproduce for me in Chrome on iOS, with or without "Prevent Cross-Site Tracking" disabled.)

moosterbaan
Helpful | Level 6

Thanks, I am glad to hear that. I don't think we're on the same page, so let me clarify.

 

Safari: works with PCST disabled, but not when it is enabled.

Chrome: does not work either way.

This is true for both your site and my internal website.

Greg-DB
Dropbox Staff

Got it, thanks! This is open with engineering for the case where "Prevent cross-site tracking" affects this. I'll follow up here once I have an update on that.

 

I still can't reproduce the behavior you're seeing in Chrome though. Can you let me know what version of iOS and Chrome you're seeing that with?

moosterbaan
Helpful | Level 6

Last week I was using a friend's device, so I'm not sure what versions he had. I just tried it on a different iPhone, and it does not work on that device with Chrome or Safari. This iPhone is using iOS 14.2 and Chrome version 87.0.4280.77

Greg-DB
Dropbox Staff

Thanks! I was on an older version where it does work in Chrome, for whatever reason. I'll ask the team to look into that variant as well.
