Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
I am using the dropbox embedder on my website. It works as expected except on iPhone devices. I have tried it on two different iPhones using the Safari, Chrome, and Firefox apps and they all have the same result:
When the page loads, there is a message shown asking the user to allow cookies. Tapping the Allow Cookies button seems to reload the embedder, but the message is always shown. I have tried checking the settings of the browser apps, but there is no setting to turn cookies on or off. I also tried deleting cached files and cookies in the browser. This was at one point working on iPhones, but I was just told that it stopped about 1 month ago.
Below is the message that is logged in the console:
www.dropbox.com/log/telemetry:1 POST https://www.dropbox.com/log/telemetry 403 Unrecognized Content-Security-Policy directive 'worker-src'. add_events:1 POST https://www.dropbox.com/2/event_logging/add_events?t=nkgw44qiKE1BDJTFf2rFy53gUP6WMLFqsUeGPH8-oJM 401 add_events:1 POST https://www.dropbox.com/2/event_logging/add_events?t=nkgw44qiKE1BDJTFf2rFy53gUP6WMLFqsUeGPH8-oJM 401 www.dropbox.com/2/client_metrics/record:1 POST https://www.dropbox.com/2/client_metrics/record 401 www.dropbox.com/2/users/get_current_account:1 POST https://www.dropbox.com/2/users/get_current_account 401 www.dropbox.com/2/previews/get_preview_data_batch:1 POST https://www.dropbox.com/2/previews/get_preview_data_batch 401 www.dropbox.com/dropins/log_event:1 POST https://www.dropbox.com/dropins/log_event 403 www.dropbox.com/dropins/log_event:1 POST https://www.dropbox.com/dropins/log_event 403 www.dropbox.com/2/previews/get_preview_data_batch:1 POST https://www.dropbox.com/2/previews/get_preview_data_batch 401 www.dropbox.com/log/telemetry:1 POST https://www.dropbox.com/log/telemetry 403
Thanks for the report. For reference, can you let me know:
<html>
<head runat="server">
<script type="text/javascript" src="https://www.dropbox.com/static/api/2/dropins.js" id="dropboxjs" data-app-key="myKey"></script> </head> <body> <form runat="server"> <div class="row-container"> <a id="theFrame" class="row" style="height: 100%"></a> </div> </form> </body> </html> <script type="text/javascript"> let urlParams = new URLSearchParams(window.location.search); if (urlParams.has('Link')) { let element = document.getElementById('theFrame'); Dropbox.embed({ link: link }, element); } </script>
Thanks for the additional information. I just tried reproducing this with that code, and it only reproduces for me with "Prevent Cross-Site Tracking" enabled (and works fine with it disabled).
Please try this sample I just put up with this code (though I had to add a missing "link" definition): https://zealous-beaver-5f8cdb.netlify.app/?Link=https://www.dropbox.com/s/u0bdwmkjmqld9l2/dbx-suppor...
Let me know if you see the same behavior with that, where it fails both with and without "Prevent Cross-Site Tracking" enabled.
Thanks for the reply. I disabled "Prevent Cross=Site Tracking" and can confirm that it works in Safari. However, it does not work in the Chrome app, even with Prevent Corss-Site Tracking disabled.
It seems like there should be a better solution than having to tell every user that they need to change their settings and only use Safari?
Yes, ideally we'll be able to resolve this on our side, but we just want to make sure we're reproducing exactly the issue you're reporting.
So, to be clear, if I understand your messages correctly, the issue does not appear on my sample site for you when you have "Prevent Cross-Site Tracking" disabled, but does still appear on your site for you even with "Prevent Cross-Site Tracking" disabled. Is that correct? If so, can you share a sample page that reproduces the issue even with "Prevent Cross-Site Tracking" disabled?
(Also, interestingly, the issue does not reproduce for me in Chrome on iOS, with or without "Prevent Cross-Site Tracking" disabled.)
Thanks, I am glad to hear that. I don't think we're on the same page, so let me clarify.
Safari: works with PCST disabled, but not when it is enabled.
Chrome: does not work either way.
This is true for both your site and my internal website.
Got it, thanks! This is open with engineering for the case where "Prevent cross-site tracking" affects this. I'll follow up here once I have an update on that.
I still can't reproduce the behavior you're seeing in Chrome though. Can you let me know what version of iOS and Chrome you're seeing that with?
Last week I was using a friend's device, so I'm not sure what versions he had. I just tried it on a different iPhone, and it does not work on that device with Chrome or Safari. This iPhone is using iOS 14.2 and Chrome version 87.0.4280.77
Thanks! I was on an older version where it does work in Chrome, for whatever reason. I'll ask the team to look into that variant as well.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!