nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Child Item

Access token js , security ?

Stefano B.3

HI sorry for english :

i use this script to upload file directly on my dropbox app with javascript:

<form onSubmit="return uploadFile()">
 <input type="hidden" id="access-token" value="<?=$token ?>" />
 <label>Seleziona il file da caricare</label>
 <br>
 <input type="file" id="file-upload" />
 <br>

 <button type="submit">Esegui l'upload</button>
 </form>

in this way the access token is show in souce code .

if a developer use this access token can create an app and manage the file of my folder ,
it's true ?
if it's true how can i secure it ?

Find more posts tagged with

API

Abuse

Comments

Stephen C.14

If you're trying to build an app for clients to upload files to one Dropbox account (say your personal account), then there is no client-side solution that will allow clients to securely upload directly to your Dropbox. Your access token will always be exposed client-side.

If you want to use your personal Dropbox account as a place for users to upload content, then you will need to implement a server-side solution. For example, you can have clients upload content to your server and then from your server, you can upload the content directly to your personal Dropbox account. In this case, you would not want to use the JavaScript SDK, instead perhaps the Java SDK (https://www.dropbox.com/developers/documentation/java).

Does this answer your question?