We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

AlemoDaniel's avatar
AlemoDaniel
Helpful | Level 6
7 years ago

CORS Problem with Namespace and Dropbox-API-Path-Root header

Trying to list team root folders using this request from the namespace guide:

curl -X POST https://api.dropboxapi.com/2/files/list_folder \
--header "Authorization: Bearer <token>" \
--header "Content-Type: application/json" \
--header 'Dropbox-API-Path-Root: {".tag": "root", "root":"<namespace_id>"}' \
--data '{"path":""}'

This works from the console. However, when using inside a Browser using xhr, i am running into a CORS problem:

 

Failed to load https://api.dropboxapi.com/2/files/list_folder:
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:7331' is therefore not allowed access.
The response had HTTP status code 400.

The request will work for any other folders, it seems the problem lies within the custom header (Dropbox-API-Path-Root)

Is there any way to solve this? Thank you in advance :)

  • So i found that this works:

    curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \
    --header "Authorization: Bearer <token>" \
    --header "Content-Type: application/json" \
    --data '{"path":""}'

     I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:

    Use URL parameters arg and authorization instead of HTTP headers Dropbox-API-Argand Authorization.

     

    I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:

    Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
    Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since,
    If-None-Match, Content-Type, Dropbox-API-User-Locale, Authorization

    As you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request

  • Greg-DB's avatar
    Greg-DB
    7 years ago
    These headers have been added, so this should work now. Hope this helps!
  • AlemoDaniel's avatar
    AlemoDaniel
    Helpful | Level 6

    So i found that this works:

    curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \
    --header "Authorization: Bearer <token>" \
    --header "Content-Type: application/json" \
    --data '{"path":""}'

     I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:

    Use URL parameters arg and authorization instead of HTTP headers Dropbox-API-Argand Authorization.

     

    I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:

    Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
    Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since,
    If-None-Match, Content-Type, Dropbox-API-User-Locale, Authorization

    As you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request

    • Greg-DB's avatar
      Greg-DB
      Icon for Dropbox Staff rankDropbox Staff
      Thanks for the report! I'll ask the team to update our CORS implementation to allow this.
      • AlemoDaniel's avatar
        AlemoDaniel
        Helpful | Level 6
        Thanks, that would be awesome. Also would be cool to have the url hacking documented a bit more detailed somewhere :)

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 12 months ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!