cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: HEAD request to get Content-Type of shared file no longer working

Labels:

HEAD request to get Content-Type of shared file no longer working

bolddp
Helpful | Level 5
‎02-10-2022 01:31 PM

For a few years now, I've been able to use HEAD requests from my web page to verify that a Dropbox link that a user provides points to a "Content-Type: video/mp4" file

 

All of a sudden I get the following headers (some omitted for brevity):

 

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
Cache-Control: max-age=60
Content-Disposition: inline; filename="Survive2018.mp4"; filename*=UTF-8''Survive2018.mp4
Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups
Content-Security-Policy: form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Etag: 124921d
Pragma: public
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Dropbox-Content-Length: 3939168897
X-Robots-Tag: noindex, nofollow, noimageindex
X-Server-Response-Time: 56
Content-Type: application/json
Accept-Encoding: identity,gzip
Date: Thu, 10 Feb 2022 21:05:14 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow, noimageindex
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 2acb520e314c461d966a55c73bb7b017
Transfer-Encoding: chunked

 

 

The content type is now set to "application/json". Is this by design or is it a bug? Does it have to do with "X-Content-Type-Options: nosniff"?

 

Thx!

Labels:
  • 0 Likes
  • 7 Replies
  • 1,253 Views
0 Likes
7 Replies 7

Здравко
Legendary | Level 20
‎02-10-2022 05:00 PM

Hi @bolddp,

Hah.. Seems really the HEAD requests response brings up bugs. 🤷 Let's hope this trouble will be fixed soon.

By the way you can temporary workaround with a dummy GET request with a single byte range. 😉 Just make sure within the GET request is a header like:

Range: bytes=0-0

Hope this helps to some extent.

Greg-DB
Dropbox Staff
‎02-11-2022 09:31 AM

Thanks for the report! We'll look into it.

bolddp
Helpful | Level 5
‎02-13-2022 09:19 AM

@Здравко That was a new trick to me, and it seems to work just fine. Thx a lot for the help!

0 Likes

frebours
New member | Level 2
‎05-05-2022 11:54 PM

Hello @Greg-DB,

 

Do you have any update on this issue?

Is there a plan to fix it on your side and by when?

Thanks.

 

0 Likes

Greg-DB
Dropbox Staff
‎05-06-2022 06:23 AM

@frebours This is still open with engineering, but I don't have an update or timeline to share. I'll follow up here once I have any news.

0 Likes

usman61578
New member | Level 2
3 weeks ago

Same issues while I'm getting content-length of the file from the direct download link but it's not working, When I try with the Google Drive direct download link it gives all headers data I think because they accept "access-control-allow-methods" to "GET, HEAD, OPTIONS". Maybe the "Head" method is not allowed in Dropbox for file HTTP requests.

0 Likes

usman61578
New member | Level 2
3 weeks ago
Thanks, bro this helped me
0 Likes
Need more support?