We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
CORS Problem with Namespace and Dropbox-API-Path-Root header
Trying to list team root folders using this request from the namespace guide:
curl -X POST https://api.dropboxapi.com/2/files/list_folder \
--header "Authorization: Bearer <token>" \
--header "Content-Type: application/json" \
--header 'Dropbox-API-Path-Root: {".tag": "root", "root":"<namespace_id>"}' \
--data '{"path":""}'
This works from the console. However, when using inside a Browser using xhr, i am running into a CORS problem:
Failed to load https://api.dropboxapi.com/2/files/list_folder:
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:7331' is therefore not allowed access.
The response had HTTP status code 400.
The request will work for any other folders, it seems the problem lies within the custom header (Dropbox-API-Path-Root)
Is there any way to solve this? Thank you in advance :)
So i found that this works:
curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \ --header "Authorization: Bearer <token>" \ --header "Content-Type: application/json" \ --data '{"path":""}'I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:
Use URL parameters
argandauthorizationinstead of HTTP headersDropbox-API-ArgandAuthorization.I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:
Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since,
If-None-Match, Content-Type, Dropbox-API-User-Locale, AuthorizationAs you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request
- These headers have been added, so this should work now. Hope this helps!
So i found that this works:
curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \ --header "Authorization: Bearer <token>" \ --header "Content-Type: application/json" \ --data '{"path":""}'I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:
Use URL parameters
argandauthorizationinstead of HTTP headersDropbox-API-ArgandAuthorization.I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:
Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since,
If-None-Match, Content-Type, Dropbox-API-User-Locale, AuthorizationAs you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request
- Greg-DB
Dropbox Staff
Thanks for the report! I'll ask the team to update our CORS implementation to allow this.- Thanks, that would be awesome. Also would be cool to have the url hacking documented a bit more detailed somewhere :)
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
