We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
theTutor
5 years agoExplorer | Level 3
get_temporary_link with zip files causing Google Chrome warning
Hi
Google Chrome (83, Mac) has started giving me a 'Dangerous File' warning whenever trying to download zip files specifically served by the 'get_temporary_link' API call. I have 'Safe Browsing...
- 5 years ago
This should be fixed now. Please let us know if you're still seeing any issues like this.
Greg-DB
5 years agoDropbox Staff
Thanks for the report. I just tried this myself and I was able to reproduce this warning in Chrome with a temporary link to a zip file with some junk in it. A txt file worked fine for me though as well.
I also accessed my two temporary links directly, and the only differences seem to be, aside from the file data itself:
- the "Content-Type" header: "application/zip" vs. "text/plain; charset=utf-8"
- the lack of the "Vary: Accept-Encoding" header
- the "x-dropbox-request-id" header value (both randomly generated)
- the "etag" value (though this is opaque anyway)
- the "content-disposition" header "filename" value: reflecting the respective file name and extension for each, ".zip" vs. ".txt"
Of those, I think it's likely the "Content-Type" and/or the "content-disposition" that Chrome is suspicious of (since .zip could potentially hide something more dangerous than .txt would), perhaps combined with different levels of trust of the Dropbox API server host as compared to others like S3.
Unfortunately, it doesn't look like there's anything for us to fix on our side, since the HTTPS response is valid in both cases, and the logic for this warning is controlled by Google of course. Dropbox also doesn't offer ways to configure the specifics, e.g., the headers, of the response (though we don't know what specifically is causing Chrome to decide to show this anyway).
I'll raise this with the team, but I can't promise if this is something we'd be able to resolve. You may wish to raise this as an issue with Google.
- theTutor5 years agoExplorer | Level 3
Thanks for the reply. If it helps, I've copied the headers below for the same file downloaded through Amazon S3 (which was considered safe by Google), their headers are more 'threadbare'.
But I agree, ultimately this seems down to some internal logic at Google, and while I will report this I wonder if Dropbox could also report this themseleves, considering this is an issue that you've independantly confirmed and one that is likely to affect all dropbox customers using this API call (and potentially other API calls) for delivering zip files?
HTTP/1.1 200 OK x-amz-id-2: 7MxPN6hDhv+Rmb9kvfQN64Z2WnSeGI5jhHvP2s6OGpSo7B4ORWyFQ/A+TnOzkTtqN8AAKnj6He0= x-amz-request-id: A1EA9FD1D0064990 Date: Mon, 29 Jun 2020 08:32:31 GMT Last-Modified: Tue, 02 Jun 2020 11:31:27 GMT ETag: "72b5b016974907dcadc1644b08ff28c6-4" Accept-Ranges: bytes Content-Type: application/zip Content-Length: 60328012 Server: AmazonS3
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,877 PostsLatest Activity: 12 months agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!