You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
AlemoDaniel
7 years agoHelpful | Level 6
CORS Problem with Namespace and Dropbox-API-Path-Root header
Trying to list team root folders using this request from the namespace guide:
curl -X POST https://api.dropboxapi.com/2/files/list_folder \ --header "Authorization: Bearer <token>" \ --header "Content-Type: application/json" \ --header 'Dropbox-API-Path-Root: {".tag": "root", "root":"<namespace_id>"}' \ --data '{"path":""}'
This works from the console. However, when using inside a Browser using xhr, i am running into a CORS problem:
Failed to load https://api.dropboxapi.com/2/files/list_folder:
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:7331' is therefore not allowed access.
The response had HTTP status code 400.
The request will work for any other folders, it seems the problem lies within the custom header (Dropbox-API-Path-Root)
Is there any way to solve this? Thank you in advance :)
So i found that this works:
curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \ --header "Authorization: Bearer <token>" \ --header "Content-Type: application/json" \ --data '{"path":""}'
I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:
Use URL parameters
arg
andauthorization
instead of HTTP headersDropbox-API-Arg
andAuthorization
.I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:
Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since,
If-None-Match, Content-Type, Dropbox-API-User-Locale, AuthorizationAs you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request
- These headers have been added, so this should work now. Hope this helps!
- AlemoDanielHelpful | Level 6
So i found that this works:
curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \ --header "Authorization: Bearer <token>" \ --header "Content-Type: application/json" \ --data '{"path":""}'
I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:
Use URL parameters
arg
andauthorization
instead of HTTP headersDropbox-API-Arg
andAuthorization
.I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:
Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since,
If-None-Match, Content-Type, Dropbox-API-User-Locale, AuthorizationAs you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request
- Greg-DBDropbox StaffThanks for the report! I'll ask the team to update our CORS implementation to allow this.
- AlemoDanielHelpful | Level 6Thanks, that would be awesome. Also would be cool to have the url hacking documented a bit more detailed somewhere :)
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,910 PostsLatest Activity: 3 days agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!