Forum Discussion

Helpful | Level 6

7 years ago

CORS Problem with Namespace and Dropbox-API-Path-Root header

Trying to list team root folders using this request from the namespace guide: curl -X POST https://api.dropboxapi.com/2/files/list_folder \ --header "Authorization: Bearer <token>" \ --header "Cont...

API

AlemoDaniel
7 years ago
So i found that this works:

curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \ --header "Authorization: Bearer <token>" \ --header "Content-Type: application/json" \ --data '{"path":""}'

I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:

Use URL parameters arg and authorization instead of HTTP headers Dropbox-API-Argand Authorization.

I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:

Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since,
If-None-Match, Content-Type, Dropbox-API-User-Locale, Authorization

As you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request
Greg-DB
7 years ago
These headers have been added, so this should work now. Hope this helps!

AlemoDaniel

Helpful | Level 6

7 years ago

So i found that this works:

curl -X POST https://api.dropboxapi.com/2/files/list_folder?path_root={".tag": "root", "root":"<namespace_id>"} \
--header "Authorization: Bearer <token>" \
--header "Content-Type: application/json" \
--data '{"path":""}'

I didn't find this specific implementation documented anywhere, but rather derived from section Browser-based JavaScript and CORS pre-flight requests from the documentation:

Use URL parameters arg and authorization instead of HTTP headers Dropbox-API-Argand Authorization.

I think it would still be cool, if Dropbox-API-Path-Root would be added to allowed headers. Currently this is the response i get:

Access-Control-Allow-Headers: Origin, Accept-Language, Content-Language, Cache-Control,
     Dropbox-API-Select-User, Accept, Range, Referer, Dropbox-API-Arg, If-Modified-Since, 
     If-None-Match, Content-Type, Dropbox-API-User-Locale, Authorization

As you see, Dropbox-API-Arg is already supported, so there is no need to work around the preflight request

Greg-DB
Dropbox Staff
7 years ago
Thanks for the report! I'll ask the team to update our CORS implementation to allow this.
- AlemoDaniel
  Helpful | Level 6
  7 years ago
  Thanks, that would be awesome. Also would be cool to have the url hacking documented a bit more detailed somewhere :)
  - Greg-DB
    Dropbox Staff
    7 years ago
    No problem, I'll ask the team to expand the documentation on this as well.

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 7 hours ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

CORS Problem with Namespace and Dropbox-API-Path-Root header

About Dropbox API Support & Feedback

Related Content

Target team folders without namespace

Use /get_thumbnail_v2 in <img> tag together with Dropbox-API-Path-Root

Namespace Lock Contentions

List Namespaces in API

Different namespace behavior /files/list_folder and /files/search_v2 API calls, bug?

Recent Discussions

Trying to download a file, but no file is being downloaded.

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG

Invalid Folder Name with Team API