Re: Embedder error on iPhone browsers

moosterbaan · ‎12-02-2020

I am using the dropbox embedder on my website. It works as expected except on iPhone devices. I have tried it on two different iPhones using the Safari, Chrome, and Firefox apps and they all have the same result:

When the page loads, there is a message shown asking the user to allow cookies. Tapping the Allow Cookies button seems to reload the embedder, but the message is always shown. I have tried checking the settings of the browser apps, but there is no setting to turn cookies on or off. I also tried deleting cached files and cookies in the browser. This was at one point working on iPhones, but I was just told that it stopped about 1 month ago.

Below is the message that is logged in the console:

www.dropbox.com/log/telemetry:1 POST https://www.dropbox.com/log/telemetry 403
Unrecognized Content-Security-Policy directive 'worker-src'.

add_events:1 POST https://www.dropbox.com/2/event_logging/add_events?t=nkgw44qiKE1BDJTFf2rFy53gUP6WMLFqsUeGPH8-oJM 401
add_events:1 POST https://www.dropbox.com/2/event_logging/add_events?t=nkgw44qiKE1BDJTFf2rFy53gUP6WMLFqsUeGPH8-oJM 401
www.dropbox.com/2/client_metrics/record:1 POST https://www.dropbox.com/2/client_metrics/record 401
www.dropbox.com/2/users/get_current_account:1 POST https://www.dropbox.com/2/users/get_current_account 401
www.dropbox.com/2/previews/get_preview_data_batch:1 POST https://www.dropbox.com/2/previews/get_preview_data_batch 401
www.dropbox.com/dropins/log_event:1 POST https://www.dropbox.com/dropins/log_event 403
www.dropbox.com/dropins/log_event:1 POST https://www.dropbox.com/dropins/log_event 403
www.dropbox.com/2/previews/get_preview_data_batch:1 POST https://www.dropbox.com/2/previews/get_preview_data_batch 401
www.dropbox.com/log/telemetry:1 POST https://www.dropbox.com/log/telemetry 403

thesongcompany · ‎03-22-2021

Any update on this? We have begun using the Embedder with the following code (keys/link changed) and it gives the cookies message on both iPhone and iPad, but cookies are already enabled, so those users never get to the Dropbox content:

Greg-DB · ‎03-23-2021

@thesongcompany I don't have an update on this yet. I'll follow up here once I do.

Antony P.3 · ‎03-29-2021

Thanks! It's annoying, as there's no obvious workaround.

Greg-DB · ‎03-31-2021

We've updated the Embedder implementation to better handle these cases and improve the error reporting when needed. Unfortunately, due to some of the new cross-site behaviors in some modern browsers we can't always display the content directly (depending on the user's browsers settings and behaviors), but the Embedder should now work more reliably when dealing with these restrictions, including showing some error messaging and a link to the content when it can't be displayed directly. Please give it a try and let us know if you're still seeing anything not working as expected. Thanks!

thesongcompany · ‎05-05-2021

Hi there,

We still have the same issue. On an iPhone we get this message, even though cookies are enabled.

Greg-DB · ‎05-06-2021

@thesongcompany Are you putting the Embedder inside an iframe in this case, and do you have "Prevent Cross-Site Tracking" enabled?

thesongcompany · ‎05-06-2021

No, we're using the js embed.

Greg-DB · ‎05-07-2021

@thesongcompany To clarify, I'm not referring to which method of using the Embedder (anchor or JavaScript) you're using, but rather if you're putting the Embedder inside an iframe on your page. (That could be done via either method.)

Also, please let me know if you have "Prevent Cross-Site Tracking" enabled. Thanks!

thesongcompany · ‎05-09-2021

Hi Greg,

This is the only code I can find on the page which refers to cross-site tracking. We are using the GoodBarber platform to create a PWA and this page as we build it is (from our perspective) a pure (and very simple) HTML page with the DB embed, but clearly the platform injects all kinds of codes.

define(["require", "exports", "tslib", "react", "modules/clean/react/css", "dropbox/proto/js_init_data/dropins/embeds", "modules/clean/react/dropins_v3/embeds/error/callback_error", "modules/clean/react/dropins_v3/embeds/error/generic_error", "modules/clean/react/dropins_v3/embeds/error/password_error", "modules/clean/react/dropins_v3/embeds/error/login", "modules/core/i18n", "modules/clean/react/dropins_v3/embeds/tti", "modules/clean/react/dropins_v3/embeds/error/storage_access"], (function(e, r, t, s, a, o, n, c, d, i, l, u, m) {
"use strict";
Object.defineProperty(r, "__esModule", {
value: !0
}),
r.EmbedError = void 0,
s = t.__importDefault(s);
r.EmbedError = a.requireCssWithComponent((function(e) {
var r = s.default.useState(!1)
, t = r[0]
, a = r[1]
, f = s.default.useState(m.getStorageAccessState())
, g = f[0]
, b = f[1];
if (g === m.StorageAccessState.NoAccessCanRequest)
return s.default.createElement(n.CallbackErrorComponent, {
callback: m.attemptStorageAccessThenReload(b),
messageText: l.intl.formatMessage({
id: "dQ+g2n",
defaultMessage: "Cookies are required to view this Dropbox content."
}),
ctaText: l.intl.formatMessage({
id: "WqYWha",
defaultMessage: "Allow cookies"
})
});
if (g === m.StorageAccessState.NoAccess)
return s.default.createElement(c.GenericErrorComponent, {
errorText: l.intl.formatMessage({
id: "CwuFw8",
defaultMessage: "Cookies are required to view this Dropbox content. You may need to enable them in your browser."
})
});
if (g === m.StorageAccessState.AccessDenied)
return s.default.createElement(c.GenericErrorComponent, {
errorText: l.intl.formatMessage({
id: "BHiVSS",
defaultMessage: "Can’t show content because of your privacy settings around cross-site tracking."
}),
link: e.link
});
switch (e.error) {
case o.embeds.LinkError.NONE:
return s.default.createElement(s.default.Fragment, null, s.default.Children.only(e.children));
case o.embeds.LinkError.LOGIN:
return u.markTTIIfNeeded(t, a),
s.default.createElement(n.CallbackErrorComponent, {
callback: i.loginWithPopup,
messageText: l.intl.formatMessage({
id: "4zpQ9B",
defaultMessage: "Can’t show content because you’re not signed in to Dropbox."
}),
ctaText: l.intl.formatMessage({
id: "Hjykd1",
defaultMessage: "Sign In"
})
});
case o.embeds.LinkError.NO_ACCESS:
return u.markTTIIfNeeded(t, a),
s.default.createElement(c.GenericErrorComponent, {
errorText: l.intl.formatMessage({
id: "xOodvS",
defaultMessage: "Can’t show content because the owner hasn’t granted you access."
}),
link: e.link
});
case o.embeds.LinkError.EXPIRED:
return u.markTTIIfNeeded(t, a),
s.default.createElement(c.GenericErrorComponent, {
errorText: l.intl.formatMessage({
id: "ucqLru",
defaultMessage: "Can’t show content because the link has expired."
})
});
case o.embeds.LinkError.PASSWORD:
return u.markTTIIfNeeded(t, a),
s.default.createElement(d.PasswordError, {
link: e.link
});
case o.embeds.LinkError.TAKEDOWN:
return u.markTTIIfNeeded(t, a),
s.default.createElement(c.GenericErrorComponent, {
errorText: l.intl.formatMessage({
id: "VPeXVB",
defaultMessage: "Can’t show content because it has been taken down."
})
});
case o.embeds.LinkError.INVALID_LINK:
default:
return u.markTTIIfNeeded(t, a),
s.default.createElement(c.GenericErrorComponent, {
errorText: l.intl.formatMessage({
id: "5r7/Jv",
defaultMessage: "Can’t show content because something went wrong."
})
})
}
}
), ["/static/css/dropins_v3/embeds/index-vflvkFyFQ.css", "/static/css/dig-components/index.web-vflGJghcb.css", "/static/css/spectrum/index.web-vflmHVRF-.css"])
}
));
//# sourceMappingURL=embed_error.min.js-vfljKn5wQ.map

Hope that sheds some light on how to fix it.

Greg-DB · ‎05-10-2021

@thesongcompany Apologies for the confusion. I was referring to the "Prevent Cross-Site Tracking" setting in Settings.app > Safari. Can you check that?

It may also be easier if you can share a URL of a page where the Embedder isn't working for you. Feel free to open an API ticket if you'd prefer to share privately. Thanks in advance!