cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Error 400 when trying to access file using "WinHttp.WinHttpRequest.5.1"

Error 400 when trying to access file using "WinHttp.WinHttpRequest.5.1"

rightcelebrator
Helpful | Level 6
Go to solution

Hello, i am doing simple download utility for my clients. I am using Autohotkey. 
The issue is that since 17.8.2021 the clients started to report that its not downloading from their dropbox anymore.
Here is what i am calling and what i am getting. Please help.
What was changed on dropbox that it stopped working.
What should i change to make it working.  I am using ComObjCreate("WinHttp.WinHttpRequest.5.1") ....
The ?DL=1 links are not working anymore for download using this winhttp api.
I also discovered that when i call the same for preview links: "....previews.dropboxusercontent.com/p/thumb/ABSRubXGoK0T0W ...... "  it is working without any issues. 


REQUEST:
GET: https://www.dropbox.com/s/bmfd5izc0fv8jc6/OP.png?dl=1
Host: www.dropbox.com
Connection: Keep-Alive
Accept-Language: en-US,en;q=0.5
Accept: */*
Content-Length: 0


RESPONSE:
301
Cache-Control: no-cache,no-cache, no-store
Date: Wed, 18 Aug 2021 15:42:39 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Location: /s/dl/bmfd5izc0fv8jc6/OP.png
Server: envoy
Set-Cookie: locale=en; Domain=dropbox.com; expires=Mon, 17 Aug 2026 15:42:39 GMT; Path=/; secure
Set-Cookie: gvc=NjgxNzA3OTMzMTEwMTYyMDkwOTk3NzkzNTc0MjUyNzQxMDUyNzY%3D; expires=Mon, 17 Aug 2026 15:42:39 GMT; httponly; Path=/; secure
Set-Cookie: flash=; Domain=dropbox.com; expires=Wed, 18 Aug 2021 15:42:39 GMT; Path=/; secure
Set-Cookie: bang=; Domain=dropbox.com; expires=Wed, 18 Aug 2021 15:42:39 GMT; Path=/; secure
Set-Cookie: t=sIP_2tsVv4n2ct9cvOvi8ETy; Domain=dropbox.com; expires=Sat, 17 Aug 2024 15:42:39 GMT; httponly; Path=/; secure
Set-Cookie: __Host-js_csrf=sIP_2tsVv4n2ct9cvOvi8ETy; expires=Sat, 17 Aug 2024 15:42:39 GMT; Path=/; secure
Vary: Accept-Encoding
Content-Security-Policy: sandbox
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow, noimageindex
X-Xss-Protection: 1; mode=block
Accept-Encoding: identity,gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: ef975f2f23f940b6b557d6855c1c6f0a

 

301 Moved Permanently
The resource has been moved to /s/dl/bmfd5izc0fv8jc6/OP.png;
you should be redirected automatically.

 

************************************
REQUEST:
GET: https://www.dropbox.com/s/dl/bmfd5izc0fv8jc6/OP.png
Host: www.dropbox.com
Connection: Keep-Alive
Accept-Language: en-US,en;q=0.5
Accept: */*
Content-Length: 0


RESPONSE:
302
Cache-Control: no-cache,no-cache, no-store
Date: Wed, 18 Aug 2021 15:42:39 GMT

Content-Length: 320
Content-Type: text/html; charset=utf-8
Location: https://uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com/cd/0/get/BUeStGh9vB8j_qb2apbOI3Dbyz4C...
Server: envoy
Set-Cookie: __Host-logged-out-session=ChA0JAjzLnbKYt1fmPgrN5rAEO%2FU9IgGGi5BQTUwXzhfdzBybEY4OHAtNlVmM1ZIUjZCZV8xZUtLZm9YaDJWQTlPS0FydzJn; httponly; Path=/; secure
Vary: Accept-Encoding
Content-Security-Policy: sandbox
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Xss-Protection: 1; mode=block
Accept-Encoding: identity,gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: dae6a503de034db9ab3946639e3c2359

 

302 Found
The resource was found at https://uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com/cd/0/get/BUeStGh9vB8j_qb2apbOI3Dbyz4C...;
you should be redirected automatically.

 

************************************
REQUEST:
GET: https://uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com/cd/0/get/BUeStGh9vB8j_qb2apbOI3Dbyz4C...
Host: uc6835574c7e19727c00c34ae5e3.dl.dropboxusercontent.com
Connection: Keep-Alive
Accept-Language: en-US,en;q=0.5
Accept: */*
Content-Length: 0


RESPONSE:
400
Connection: close
Date: Wed, 18 Aug 2021 15:42:39 GMT
Content-Length: 14468
Content-Type: text/html
Server: envoy
Vary: Accept-Encoding
X-Dropbox-Response-Origin: local

 

<!DOCTYPE html>
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Dropbox</title>
<link href="https://cfl.dropboxstatic.com/static/css/error.css" rel="stylesheet" type="text/css"/>
<link rel="shortcut icon" href="https://cfl.dropboxstatic.com/static/images/favicon.ico"/>

</head>
<body>..........

1 Accepted Solution

Accepted Solutions

rightcelebrator
Helpful | Level 6
Go to solution

I found the reason and the solution..... 
the last redirect location was:

https://uc6f15ff258e57f8afd9c4e5d97e.dl.dropboxusercontent.com/cd/0/get/BU0a9_vyDu1w8UAsQg0cnf9-yTQJ...

And for some reason the WinHttp.WinHttpRequest.5.1 have issue with the # at the end of the link. So I assume, that that is the change which Dropbox did in last 2 weeks.

For this reason i cannot use build in redirects inside the WinHttp.WinHttpRequest.5.1 object. And i need to redirect by the script.
winHttp.Option(6) = false

And then just remove the # from the link which i retrieve from location.

Which means that https://uc6f15ff258e57f8afd9c4e5d97e.dl.dropboxusercontent.com/cd/0/get/BU0a9_vyDu1w8UAsQg0cnf9-yTQJ...

was working.

So its resolved.

 

Anyway it would be great if your server would not add the # to the location. 
Curl was working and it helped me to find out that it also removed the # from the link.

Thank you for support.



View solution in original post

8 Replies 8

Greg-DB
Dropbox Staff
Go to solution

@rightcelebrator Your thread was placed in the API section of the forum, but this issue doesn't appear to be related to the API itself. (Your sample isn't calling the actual Dropbox API, but rather is interacting with Dropbox shared links directly.) In addition, we can't offer help for Autohotkey or WinHttp.WinHttpRequest.5.1, as that's not made by Dropbox, but I'll try to offer whatever help I can.

 

First, is this issue still occurring for you now? I'm don't have Autohotkey/WinHttp.WinHttpRequest.5.1 available, but attempting to access your supplied link with dl=1 using curl works for me. Setting curl to follow redirects resulted in a final successful call with a 200 status code and the expected file data output.

rightcelebrator
Helpful | Level 6
Go to solution

Thank you. Yes the issue is still there.

You are right  i am not using api as by the nature of the software which i am doing, its not possible to do as api.
I also do not expect that you would give support of Autohotkey. 
And to use curl instead of com Object with Http.. is not an option for me. As you can see i followed the redirects as well but still got the 400 response.
I understand that curl is doing the job fine as well as any web browser. 
I am wondering if there is any way which would tell me why i get the e400 from your server based on the requests which i posted. 
And please understand that i was downloading from the Dropbox this way more then a year and suddenly it started to throw 400 a week ago. 

It would maybe help to know, what was changed, or what is expected to be included inside the request so that it works again.


Greg-DB
Dropbox Staff
Go to solution

First, for reference, the Dropbox API does offer the ability to retrieve file data from a shared link (without using the "dl=1" option on the link itself), via the /2/sharing/get_shared_link_file endpoint. You may want to look into whether or not that suits your use case.

 

Anyway, I don't know off hand what may have changed here, but I'll try to help however I can. Is the output you shared here the most verbose output you can get from your client? Unfortunately it doesn't offer anything I can use to track this down specifically. For instance, the final failing response doesn't contain a 'X-Dropbox-Request-Id' (though that may not be useful even if it were included since it's not an actual API request anyway).

 

In any case, I tried replicating the final call manually using curl, by sending the specific headers like shown in your output, but the request still worked. Are you able to manually reproduce this using curl by any chance? It would serve as a useful reference if you can, just for the sake of troubleshooting.

rightcelebrator
Helpful | Level 6
Go to solution

OK. Its a good point. I will try to use curl for testing purposes for this case.




From previous tests with comObject i saved the complete response including the html which dropbox returned. 

https://brain.industries/data/response.txt

There is really nothing more coming back.
It would be really nice if dropbox would respond with the reason of error.

Greg-DB
Dropbox Staff
Go to solution

Thanks. Yes, unfortunately there isn't really anything else here that would be useful. Let me know if you can reproduce this with curl directly though.

rightcelebrator
Helpful | Level 6
Go to solution

I found the reason and the solution..... 
the last redirect location was:

https://uc6f15ff258e57f8afd9c4e5d97e.dl.dropboxusercontent.com/cd/0/get/BU0a9_vyDu1w8UAsQg0cnf9-yTQJ...

And for some reason the WinHttp.WinHttpRequest.5.1 have issue with the # at the end of the link. So I assume, that that is the change which Dropbox did in last 2 weeks.

For this reason i cannot use build in redirects inside the WinHttp.WinHttpRequest.5.1 object. And i need to redirect by the script.
winHttp.Option(6) = false

And then just remove the # from the link which i retrieve from location.

Which means that https://uc6f15ff258e57f8afd9c4e5d97e.dl.dropboxusercontent.com/cd/0/get/BU0a9_vyDu1w8UAsQg0cnf9-yTQJ...

was working.

So its resolved.

 

Anyway it would be great if your server would not add the # to the location. 
Curl was working and it helped me to find out that it also removed the # from the link.

Thank you for support.



rightcelebrator
Helpful | Level 6
Go to solution

BTW

Please remove the # from the link so that automatic redirects of WinHttp.WinHttpRequest.5.1 are working with your links. 
Its not necessary to program own redirect resolver. 😞

Greg-DB
Dropbox Staff
Go to solution

Thanks for following up! I'm glad to hear you resolved this already.

Need more support?