Child Item

Error 400 using download link from embedded code

I have an embedded piece of code that once upon a time worked before TLS v1 was deprecated. Note the URL download link in the subject line above was modified to protect the file. The unmodified link works fine with Chrome and Edge as the client. I have been trying to modify the code in my embedded application to use TLS v1.2 to make it work again. Below is the code snippet that I am trying to modify. I am guessing my header {} settings are incorrect. Below the code is the html response I get back from Dropbox - basically error 400. Do I need to create my own agent to do this or did I not put in the correct header {} information? I am using the typical Edge and Chrome header for 'Agent'...

Code:

local https = require("ssl.https")

local ltn12 = require("ltn12")

local options = {}

local fileMode = isbinary and "wb" or "w"

f = io.open(fulllocalpath, fileMode)

if not f then

resultstr = "Failed to open local file for writing:" .. fulllocalpath .."\r"

return false, nil, nil, resultstr

end

options = {

url = rawname,

sink = ltn12.sink.file(f),

protocol = "tlsv1_2",

headers = { --IS THERE SOMETHING WRONG HERE???

["Host"] = "www.dropbox.com",

["User-Agent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36",

["Accept"] = "*/*",

["Referer"] = "https://www.dropbox.com/",

["Accept-Encoding"] = "gzip, deflate, br",

["Connection"] = "keep-alive"

}

Here is the html response back from Dropbox:

<.DOCTYPE html> <html> <head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>Dropbox - 400</title> <link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/error.css" rel="stylesheet" type="text/css"/> <link rel="shortcut icon" href="https://cfl.dropboxstatic.com/static/images/favicon.ico"/> </head> <body> <div class="figure"> <img src="https://assets.dropbox.com/www/en-us/illustrations/spot/target-miss.svg" alt="Error: 400"/> </div> <div id="errorbox"> <h1>Error (400)</h1>Something went wrong. Don't worry, your files are still safe and the Dropbox team has been notified. Check out our <a href="https://status.dropbox.com">Status Page</a> to see if there is a known incident, our <a href="https://www.dropbox.com/help">Help Center</a> and <a href="https://forums.dropbox.com">forums</a> for help, or head back to <a href="https://www.dropbox.com/home">home</a>. </div> </body> </html>

Find more posts tagged with

API

Abuse

Comments

DB-Des

Hi there!

Since you are receiving an HTML response, we can definitely rule out issues with TLS.

I have been unable to replicate the issue you have described. Is it possible you could enable a more verbose output in your network client? It would be helpful if we could get a better view into the raw request that the client is making.

terryz

I tired adding code to get the https request, without luck. Instead, A gathered a WireShark trace, which you can access here: https://www.dropbox.com/s/3v10bjapy7evnm6/iplogging.pcap?dl=0

Please review and let me know your thoughts.

The trace was captured using the following header (same as original, but with the addition of the 'GET' method.

-- Set the options for the HTTPS request

local options = {

url = rawname,

protocol = "tlsv1_2",

sink = ltn12.sink.file(f),

method = "GET", -- Add the method field to specify the HTTP method

headers = {

["Host"] = "www.dropbox.com",

["User-Agent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",

["Accept"] = "*/*",

["Referer"] = "https://www.dropbox.com/",

["Accept-Encoding"] = "gzip, deflate, br",

["Connection"] = "keep-alive"

}

Greg-DB

@terryz Thanks for sharing that, though unfortunately I don't think that we'd be able to determine the issue from that; a 400 like this should generally indicate that there was something incorrect about the HTTP request, but the request data would be encrypted in that capture so we couldn't read it anyway.

Perhaps instead we can try to approach this another way. Can you reproduce the issue with another client where you can inspect the actual requests that get sent? For example, I just tried to replicate the request you're sending using curl with a test shared link of my own, but it worked successfully:

curl -v --tlsv1.2 --http1.1 -X GET -L "https://www.dropbox.com/s/9kkiqvfe457hrs0/test.csv?dl=1" -o out.csv \
	-H "Host: www.dropbox.com" \
	-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" \
	-H "Accept: */*" \
	-H "Referer: https://www.dropbox.com/" \
	-H "Accept-Encoding: gzip, deflate, br" \
	-H "Connection: keep-alive"

(I'm guessing you're using HTTP 1.1, but that --http1.1 option can be changed to --http2 to match if you are using HTTP 2.)

Also, you could try your code with my test shared link to see if your code works with that. If it does, it would indicate an issue with the particular shared link you're using and not the code itself.

By the way, I see you're mimicking a web browser by sending those "User-Agent" and "Referer" headers; that may not necessarily cause issues, but I can't guarantee it. Further, given that those aren't necessary, it may be good to remove them.

terryz

I did add method = "GET" in my last test, does that need to be there?

Greg-DB

@terryz The HTTP GET method is correct for this scenario. It's often the default for HTTP clients, so even when you don't specify it, clients will usually use GET automatically.

terryz

HI Greg:

Can you send me an exact example of what the HTTP request should look like?

I may be able to approach the problem in a different way.

Thanks!

Greg-DB

@terryz You can run the curl example I shared in my earlier comment to see how the requests are formatted. (There are some redirects involved, but curl will handle that automatically since "-L" is specified.)

terryz

I ran he following example in curl, note it fails using the original dropbox link ?I sent to FAULTMSG.CSV - why:

C:\Users\tzarnowski>curl -v --tlsv1.2 --http1.1 -X GET -L "https://www.dropbox.com/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1" -o out.csv -H "Host: www.dropbox.com" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" -H "Accept: */*" -H "Referer: https://www.dropbox.com/" -H "Accept-Encoding: gzip, deflate, br" -H "Connection: keep-alive"
Note: Unnecessary use of -X or --request, GET is already inferred.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 162.125.4.18:443...
* Connected to www.dropbox.com (162.125.4.18) port 443 (#0)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.1
> GET /s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1 HTTP/1.1
> Host: www.dropbox.com
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
> Accept: */*
> Referer: https://www.dropbox.com/
> Accept-Encoding: gzip, deflate, br
> Connection: keep-alive
>
< HTTP/1.1 302 Found
< Content-Security-Policy: style-src https://* 'unsafe-inline' 'unsafe-eval' ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; connect-src https://* ws://127.0.0.1:*/ws ; worker-src https://www.dropbox.com/static/serviceworker/ blob: ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js 'nonce-LxuDkSxDrHQIhSAbz8B7DzKtWeY=' ; base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; frame-ancestors 'self' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; font-src https://* data:
< Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-LxuDkSxDrHQIhSAbz8B7DzKtWeY=' 'nonce-zBujYfSPIVul0nCMhmjaCTh2Jt8='
< Content-Type: text/html; charset=utf-8
< Location: /s/dl/y5jlwu5nfr3s8xe/FAULTMSG.CSV
< Pragma: no-cache
< Referrer-Policy: strict-origin-when-cross-origin
< Set-Cookie: gvc=MjU5MjkxMzYzOTcwMzYwNjQ3NzU2MTA4Mzc2NDQ5MzQ0NDQwMTgx; Path=/; Expires=Sat, 20 May 2028 13:02:20 GMT; HttpOnly; Secure; SameSite=None
< Set-Cookie: t=DAyXLOMSKcjbZX3ChslTIs4P; Path=/; Domain=dropbox.com; Expires=Thu, 21 May 2026 13:02:20 GMT; HttpOnly; Secure; SameSite=None
< Set-Cookie: __Host-js_csrf=DAyXLOMSKcjbZX3ChslTIs4P; Path=/; Expires=Thu, 21 May 2026 13:02:20 GMT; Secure; SameSite=None
< Set-Cookie: __Host-ss=j8axqReYhY; Path=/; Expires=Thu, 21 May 2026 13:02:20 GMT; HttpOnly; Secure; SameSite=Strict
< Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sat, 20 May 2028 13:02:20 GMT
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: noindex, nofollow, noimageindex
< X-Xss-Protection: 1; mode=block
< Date: Mon, 22 May 2023 13:02:20 GMT
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Server: envoy
< Cache-Control: no-cache, no-store
< Content-Encoding: gzip
< Vary: Accept-Encoding
< X-Dropbox-Response-Origin: far_remote
< X-Dropbox-Request-Id: 94922619ce9e4dd790b3857b3ece7272
< Transfer-Encoding: chunked
<
* Ignoring the response-body
{ [48 bytes data]
100 37 0 37 0 0 128 0 --:--:-- --:--:-- --:--:-- 128
* Connection #0 to host www.dropbox.com left intact
* Issue another request to this URL: 'https://www.dropbox.com/s/dl/y5jlwu5nfr3s8xe/FAULTMSG.CSV'
* Found bundle for host: 0x1e652216ac0 [serially]
* Re-using existing connection #0 with host www.dropbox.com
> GET /s/dl/y5jlwu5nfr3s8xe/FAULTMSG.CSV HTTP/1.1
> Host: www.dropbox.com
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
> Accept: */*
> Referer: https://www.dropbox.com/
> Accept-Encoding: gzip, deflate, br
> Connection: keep-alive
>
< HTTP/1.1 302 Found
< Content-Security-Policy: sandbox
< Location: https://ucf9fab352ae7acf48b9a3bdcf92.dl.dropboxusercontent.com/cd/0/get/B8h0yjnJ6oYV-TIlmsyGYsN8Xr66RaWCguHFlKjzPZ8fc7h7wQmUOZumls40XqPLIulsyHieE2J5iQIMiUf6Rt1-JtaZ2NrbpQAwUg_79GIsikZE5nRKWcVO4xCs2-iKD54Dae1Xyph_7vttjFVIaa2pYUcerpbEJ4HDMA3cW3x5IWZOj1ynpxoboeJGFOogISA/file?dl=1#
< Referrer-Policy: strict-origin-when-cross-origin
< Set-Cookie: gvc=NTkyNzA4NDA3MDk1OTQ2OTY0NjIxNDQxNjEyODQyMDM1NDYyMjk%3D; expires=Sat, 20 May 2028 13:02:20 GMT; HttpOnly; Path=/; SameSite=None; Secure
< Set-Cookie: t=32mN4AJJyZphNSOFUWMKOpOS; Domain=dropbox.com; expires=Thu, 21 May 2026 13:02:20 GMT; HttpOnly; Path=/; SameSite=None; Secure
< Set-Cookie: __Host-js_csrf=32mN4AJJyZphNSOFUWMKOpOS; expires=Thu, 21 May 2026 13:02:20 GMT; Path=/; SameSite=None; Secure
< Set-Cookie: __Host-ss=pBbPy8XPV4; expires=Thu, 21 May 2026 13:02:20 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
< Set-Cookie: locale=en; Domain=dropbox.com; expires=Sat, 20 May 2028 13:02:20 GMT; Path=/; SameSite=None; Secure
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Permitted-Cross-Domain-Policies: none
< X-Xss-Protection: 1; mode=block
< Content-Type: text/html; charset=utf-8
< Accept-Encoding: identity,gzip
< Date: Mon, 22 May 2023 13:02:20 GMT
< Server: envoy
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Cache-Control: no-cache, no-store
< Content-Encoding: gzip
< Vary: Accept-Encoding
< X-Dropbox-Response-Origin: far_remote
< X-Dropbox-Request-Id: 8497494043f64814996dae65b7a5ce95
< Transfer-Encoding: chunked
<
* Ignoring the response-body
{ [350 bytes data]
100 333 0 333 0 0 553 0 --:--:-- --:--:-- --:--:-- 553
* Connection #0 to host www.dropbox.com left intact
* Issue another request to this URL: 'https://ucf9fab352ae7acf48b9a3bdcf92.dl.dropboxusercontent.com/cd/0/get/B8h0yjnJ6oYV-TIlmsyGYsN8Xr66RaWCguHFlKjzPZ8fc7h7wQmUOZumls40XqPLIulsyHieE2J5iQIMiUf6Rt1-JtaZ2NrbpQAwUg_79GIsikZE5nRKWcVO4xCs2-iKD54Dae1Xyph_7vttjFVIaa2pYUcerpbEJ4HDMA3cW3x5IWZOj1ynpxoboeJGFOogISA/file?dl=1'
* Trying 162.125.4.15:443...
* Connected to ucf9fab352ae7acf48b9a3bdcf92.dl.dropboxusercontent.com (162.125.4.15) port 443 (#1)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.1
> GET /cd/0/get/B8h0yjnJ6oYV-TIlmsyGYsN8Xr66RaWCguHFlKjzPZ8fc7h7wQmUOZumls40XqPLIulsyHieE2J5iQIMiUf6Rt1-JtaZ2NrbpQAwUg_79GIsikZE5nRKWcVO4xCs2-iKD54Dae1Xyph_7vttjFVIaa2pYUcerpbEJ4HDMA3cW3x5IWZOj1ynpxoboeJGFOogISA/file?dl=1 HTTP/1.1
> Host: ucf9fab352ae7acf48b9a3bdcf92.dl.dropboxusercontent.com
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
> Accept: */*
> Referer: https://www.dropbox.com/
> Accept-Encoding: gzip, deflate, br
> Connection: keep-alive
>
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* schannel: failed to decrypt data, need more data
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: max-age=60
< Content-Disposition: attachment; filename="FAULTMSG.CSV"; filename*=UTF-8''FAULTMSG.CSV
< Content-Security-Policy: sandbox
< Etag: 1681308133112497d
< Pragma: public
< Referrer-Policy: no-referrer
< Vary: Origin
< X-Content-Security-Policy: sandbox
< X-Content-Type-Options: nosniff
< X-Robots-Tag: noindex, nofollow, noimageindex
< X-Server-Response-Time: 192
< X-Webkit-Csp: sandbox
< Content-Type: application/binary
< Accept-Encoding: identity,gzip
< Date: Mon, 22 May 2023 13:02:20 GMT
< Server: envoy
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Content-Length: 6848
< X-Dropbox-Response-Origin: far_remote
< X-Dropbox-Request-Id: 1dfba269edcd4785a07aff50ce3ea9ba
<
{ [6848 bytes data]
100 6848 100 6848 0 0 6830 0 0:00:01 0:00:01 --:--:-- 44467
* Connection #1 to host ucf9fab352ae7acf48b9a3bdcf92.dl.dropboxusercontent.com left intact

Greg-DB

@terryz I see you are getting the two expected 302 responses, and then the final successful 200 response. When you say it fails, are you referring to the "schannel: failed to decrypt data, need more data" message? That doesn't occur for me, and I do get the expected 6848 bytes of data saved out when I try. Does the file get downloaded properly for you with this command?

In any case, it isn't resulting in a 400, so it appears this doesn't replicate the issue with your original code; it seems like the client in your original code is doing something differently that may be corrupting the request there.

terryz

yes, it was that error, but as it turns out the file still downloaded....

Greg-DB

@terryz Thanks for clarifying. Yes, that error would indicate something went wrong with the transfer, but it sounds like curl was able to recover and complete the download successfully. It may have just been a transient network issue. Regardless, it doesn't appear to reproduce the original 400 error code from your original code, so unfortunately this doesn't seem to be representative of the original issue.

terryz

Agreed...I am wondering if my luasec client is handling the redirects or not.

The client is using lusec.

Greg-DB

@terryz Given that the same link and headers work in another client, it does sound like your client is malforming the request somehow. Unfortunately we can't offer support for third party clients themselves, so I recommend referring to the documentation/support resources for that client for information on how to debug it. If you can get some more verbose output showing an issue on the Dropbox server side in particular though, please do share that so we can investigate.

terryz

Will do. thanks!

terryz

I managed to get the headers, see the log below from the device:

May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> requestParams.method: GET https://www.dropbox.com:443/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1
May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> Host: www.dropbox.com
May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> Accept: */*
May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> Connection: keep-alive
May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> Accept-Encoding: gzip, deflate, br
May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> Referer: https://www.dropbox.com/
May 22 15:50:51 err ALEOS_APPS_AAF-APPS: <UMONIoT> Failed to download file. Error code [400].
May 22 15:50:51 warning ALEOS_APPS_AAF-APPS: <RACON-ASSET-TREE> handler error detected Failed to download file. Error code [400].
May 22 15:50:51 warning ALEOS_APPS_AAF-APPS: <RACON-ASSET-TREE> handler error detected Failed to download file. Error code [400].
May 22 15:50:51 info ALEOS_APPS_AAF-APPS: <RACON-ASSET-TREE> Asset tree acknowledges ticket 1634917755 (path:'commands.UpdateControllerConfigFile', status:'-3')
May 22 15:50:51 err ALEOS_APPS_AAF-AGENT: <ASSCON> Asset ({ "iConfiguration", "iData", "iCommands" }) executing (SendData) reports error: 'Failed to download file. Error code [400].'

I do not see what is wrong - is something missing?

Greg-DB

@terryz No, the values there appear to be valid, and nothing seems to be missing when compared to a curl sample. The only thing that looks off is that the whole URL is output under a description of "requestParams.method", but that may just be how the client is formatting its logging; it may not be representative of how it is actually formatting the real HTTP request it is sending. (The actual start line of the HTTP request should look like "GET /s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1 HTTP/1.1"; and the "method" is just the "GET" part.)

The generic 400 HTML error page you're getting can be returned when the HTTP request itself is malformed, even if the intended header values themselves would be correct. For example, we've seen this when a client malforms a request by accidentally sending an extra blank line (thereby ending the headers section) before sending the rest of the actual headers. That sort of corruption may not be apparent from the client-side logging though unfortunately.

In order to simplify this in the hopes of eliminating the corruption, have you tried running your code without setting the headers yourself? You don't need to mimic a browser anyway, and the client may automatically set the header(s) that are needed (e.g., "Host").

terryz

It does appear from the log output that the full line of the GET request is indeed:

GET https://www.dropbox.com:443/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1.

Are you saying that the https://www.dropbox.com:443 should be removed from the request to be like:

GET /s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1

If that is the case, then I believe I need to put in the header ":HOST" = https://www.dropbox.com:443

Greg-DB

If the client is actually sending that full URL string in the start line, that would be incorrect. The start line in the HTTP request should only contain the method, path, and HTTP version; not the hostname/port. And the "Host" header should only contain the hostname.

For example, see that part of the first request in your working curl example for comparison:

@terryz wrote:
> GET /s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1 HTTP/1.1
> Host: www.dropbox.com

terryz

OK, I will have to reformat the headers to what they need to be and give that a shot.

terryz

HI - Some progress!

This is the current header configuration.

--https://www.dropbox.com/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1

-- Set the options for the HTTPS request

local options = {

url = "https://www.dropbox.com",

protocol = "tlsv1_2",

sink = ltn12.sink.file(f),

--method = "GET", -- Add the method field to specify the HTTP method

verify = "none",

options = "all",

headers = {

["Path"] = "/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1",

["User-Agent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",

["Accept"] = "*/*",

["Accept-Language"] = "en-US,en;q=0.9",

}

I am receiving Http Request response 200.

HOWEVER, the data that is coming in is an HTML doc with a bunch of script, not the actual file - how to I get the actual file?

This is what is coming in now:

<!DOCTYPE html><html class="maestro maestro--responsive global-header" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><script nonce="ZRxUjr5/dF9DyBZrrJ6q">
window._goch_ = {};
window.addEventListener('click', function(event) {
'use strict';
for (var elm = event.target; elm; elm = elm.parentElement) {
if (elm.id &&
window._goch_.hasOwnProperty(elm.id) &&
window._goch_[elm.id].call(elm, event) === false) {
event.preventDefault();
}
}
}, true);
window._csp_external_script_nonce = "7kuyd45qCXX16APN0jQ5"</script><link href="https://cfl.dropboxstatic.com" rel="preconnect" /><link href="https://cfl.dropboxstatic.com/static/metaserver/static/images/favicon-vfl8lUR9B.ico" rel="shortcut icon" /><title>Dropbox.com</title><meta content="all" name="robots" /><link href="https://www.dropbox.com/" rel="canonical" /><link href="https://www.dropbox.com/da_DK/" hreflang="da-dk" rel="alternate" /><link href="https://www.dropbox.com/de/" hreflang="de-de" rel="alternate" /><link href="https://www.dropbox.com/" hreflang="en" rel="alternate" /><link href="https://www.dropbox.com/en_GB/" hreflang="en-gb" rel="alternate" /><link href="https://www.dropbox.com/es/" hreflang="es" rel="alternate" /><link href="https://www.dropbox.com/es_ES/" hreflang="es-es" rel="alternate" /><link href="https://www.dropbox.com/fr/" hreflang="fr-fr" rel="alternate" /><link href="https://www.dropbox.com/id/" hreflang="id-id" rel="alternate" /><link href="https://www.dropbox.com/it/" hreflang="it-it" rel="alternate" /><link href="https://www.dropbox.com/ja/" hreflang="ja-jp" rel="alternate" /><link href="https://www.dropbox.com/ko/" hreflang="ko-kr" rel="alternate" /><link href="https://www.dropbox.com/ms/" hreflang="ms-my" rel="alternate" /><link href="https://www.dropbox.com/nb_NO/" hreflang="nb-no" rel="alternate" /><link href="https://www.dropbox.com/nl_NL/" hreflang="nl-nl" rel="alternate" /><link href="https://www.dropbox.com/pl/" hreflang="pl-pl" rel="alternate" /><link href="https://www.dropbox.com/pt_BR/" hreflang="pt-br" rel="alternate" /><link href="https://www.dropbox.com/ru/" hreflang="ru-ru" rel="alternate" /><link href="https://www.dropbox.com/sv_SE/" hreflang="sv-se" rel="alternate" /><link href="https://www.dropbox.com/th_TH/" hreflang="th-th" rel="alternate" /><link href="https://www.dropbox.com/uk_UA/" hreflang="uk-ua" rel="alternate" /><link href="https://www.dropbox.com/zh_CN/" hreflang="zh-cn" rel="alternate" /><link href="https://www.dropbox.com/zh_TW/" hreflang="zh-tw" rel="alternate" /><meta content="origin-when-cross-origin" name="referrer" /><meta content="width=device-width, initial-scale=1" name="viewport" /><meta content="app-id=327630330" name="apple-itunes-app" /><script type="text/javascript" nonce="ZRxUjr5/dF9DyBZrrJ6q">if (window.performance && window.performance.mark) { window.performance.mark("requirejs_start"); }</script> <link crossorigin="anonymous" href="https://cfl.dropboxstatic.com/static/metaserver/static/js/alameda_bundle/alameda_bundle_chrome_en-vflNKspnr.js" as="script" nonce="7kuyd45qCXX16APN0jQ5" rel="preload" type="text/javascript" /> <script type="text/javascript" nonce="ZRxUjr5/dF9DyBZrrJ6q">
(()=>{"use strict";const e=window;let a;const r=()=>{a=[],e.addRequireLoadCallback=e=>a.push(e),e.configureRequire=function(){const a=arguments;e.addRequireLoadCallback(()=>e.configureRequire.apply(null,a))},e.define=function(){const a=arguments;e.addRequireLoadCallback(()=>e.define.apply(null,a))},e.preLoadFile=(...a)=>{e.addRequireLoadCallback(()=>e.preLoadFile.apply(null,a))}};r(),e._insertRequireShim=r,e.InitRequireJs=r=>{e.requireContexts={},e.performance&&null!=e.performance.now&&(requirejs.onResourceLoad=(a,r,i)=>{const l=e.performance.now(),n=e.requireContexts[a.id];if(n){r.id in n.module_callback_times||(n.module_callback_times[r.id]={});const e=n.module_callback_times[r.id];e.loadTime=l,r.url&&(e.url=r.url),r.id&&(e.name=r.id),r.parentMap&&r.parentMap.url&&(e.parent=r.parentMap.url)}}),e.configureRequire=r,e.addRequireLoadCallback=e=>e(),a.forEach(e=>e())}})();

window.CSP_SCRIPT_NONCE = "ZRxUjr5/dF9DyBZrrJ6q";
</script> <script async="async" crossorigin="anonymous" src="https://cfl.dropboxstatic.com/static/metaserver/static/js/alameda_bundle/alameda_bundle_chrome_en-vflNKspnr.js" type="text/javascript" nonce="7kuyd45qCXX16APN0jQ5"></script> <link crossorigin="anonymous" href="https://cfl.dropboxstatic.com/static/metaserver/static/fonts/dig-fonts/sharp_grotesk_23/SharpGroteskDBCyrBook23-vflX-NIwB.woff2" as="font" rel="preload" type="font/woff2" /><link crossorigin="anonymous" href="https://cfl.dropboxstatic.com/static/metaserver/static/fonts/dig-fonts/sharp_grotesk/SharpGroteskDBCyrBook20-vfl6-4ZSp.woff2" as="font" rel="preload" type="font/woff2" /><link crossorigin="anonymous" href="https://cfl.dropboxstatic.com/static/metaserver/static/fonts/dig-fonts/atlas_grotesk/AtlasGrotesk-Regular-Web-vflk7bxjs.woff2" as="font" rel="preload" type="font/woff2" /> <link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/dig-components/tokens-vflR97xg7.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/typescript/component_libraries/dwg-components/src/experimental/components/dwg-toggle-button/index.module.out-vfldjr_iJ.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/typescript/component_libraries/dwg-components/src/components/dwg-strikethrough-text/index.module.out-vfl7ItJO0.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/warp/skip_to_main_content-vflFXXrjC.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/dig-fonts/sharp_grotesk_23.metaserver-vflgQV__K.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/typescript/component_libraries/dwg-components/src/index.web-vflHlB-6O.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/notify-vfl4oJv2S.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/dig-fonts/index.metaserver-vflgFIjQa.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/accessibility-vfliGZNRm.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/typescript/component_libraries/dwg-components/src/components/dwg-label/index.module.out-vflida7Ix.css" rel="stylesheet" /><link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/google_one_tap-vfl-icCpr.css" rel="stylesheet" /> <style type="text/css">
</style><script type="text/javascript" nonce="ZRxUjr5/dF9DyBZrrJ6q">if (window.performance && window.performance.mark) { window.performance.mark("ensemble_payload_start"); }</script> <script type="text/javascript" nonce="ZRxUjr5/dF9DyBZrrJ6q">window._REPORT_ALL_JS_EXCEPTIONS_ENABLED = true;</script> <script type="text/javascript" nonce="ZRxUjr5/dF9DyBZrrJ6q">(function(){"use strict";const PerfTimer="object"==typeof performance&&"function"==typeof performance.now?performance:Date,FAST_FRAME_THRESHOLD=20,SLOW_FRAME_THRESHOLD=34;class CPUIdleMonitor{constructor(){this.idleCPUTime=0,this.busyCPUTime=0,this.startedTracking=PerfTimer.now(),this.lastFrame=this.startedTracking,this.requestID=requestAnimationFrame((()=>{this.updateCPUTimes()})),console.timeStamp&&console.timeStamp("cpu_idle_tracking_started")}updateCPUTimes(e={forceUpdate:!1,currentCPUSpan:0}){const t=PerfTimer.now(),s=t-this.lastFrame;let r;this.lastFrame=t,r=s>=SLOW_FRAME_THRESHOLD?0:s<=FAST_FRAME_THRESHOLD?1:(SLOW_FRAME_THRESHOLD-s)/(SLOW_FRAME_THRESHOLD-FAST_FRAME_THRESHOLD);let n=s*(1-r);e.forceUpdate&&n<e.currentCPUSpan&&(n=Math.min(s,e.currentCPUSpan)),this.busyCPUTime+=n,this.idleCPUTime+=s-n,e.forceUpdate||(this.requestID=requestAnimationFrame((()=>{this.updateCPUTimes()})))}stop(){null!==this.requestID&&(console.timeStamp&&console.timeStamp("cpu_idle_tracking_stopped"),cancelAnimationFrame(this.requestID),this.requestID=null)}getIdleCPUTime(){return this.idleCPUTime}getCPUTimeSnapshot(e){return void 0!==e&&this.updateCPUTimes({forceUpdate:!0,currentCPUSpan:e}),{idleTime:this.idleCPUTime.toString(),busyTime:this.busyCPUTime.toString()}}getTotalTrackedTime(){return this.idleCPUTime+this.busyCPUTime}getIdlePercentOfTracked(){const e=this.idleCPUTime+this.busyCPUTime;return 0===e?0:this.idleCPUTime/e}getUntrackedTimeSinceTTFB(){if("object"!=typeof performance||"function"!=typeof performance.now||"object"!=typeof performance.timing||"number"!=typeof performance.timing.responseStart||"number"!=typeof performance.timing.navigationStart)return null;const e=performance.timing.responseStart-performance.timing.navigationStart;return this.startedTracking-e}}function reportNonceMismatch(e,t){window.addRequireLoadCallback((()=>{setTimeout((()=>{const s=new Error("Refused to execute script from because window.CSP_SCRIPT_NONCE is defined and the nonce doesn't match.");throw s.excExtra={page_nonce:e,script_tag_nonce:t,err_version:3},s.tags=["csp-nonce-error"],s}),0)}))}const hasPerfNow=!(!window.performance||!window.performance.now);function consoleTimeStamp(e){console.timeStamp&&console.timeStamp(e)}class EnsembleStopwatch{constructor(){this._data={}}getNow(){if(hasPerfNow)return window.performance.now()}markSpan(e,t={}){if(consoleTimeStamp(e),"number"!=typeof t.startTime&&(t.startTime=0),"number"!=typeof t.endTime){const e=this.getNow();if(void 0===e)return;t.endTime=e}t.startTime=Math.round(t.startTime),t.endTime=Math.round(t.endTime),this._data[e]?console.error("stopwatch error: spanName has been used before: "+e):this._data[e]={start:t.startTime,end:t.endTime,annotations:t.annotations||{}}}getData(){const e={};for(const t in this._data)if(this._data.hasOwnProperty(t)){const s=this._data[t];e[t]={end:s.end,start:s.start,annotations:s.annotations}}return e}}class EventTracker{constructor(){this._postEventCallbacks=[],this._eventMarked=!1}callAfterEvent(e){this._eventMarked?e():this._postEventCallbacks.push(e)}_triggerPostEventCallbacks(){for(const e of this._postEventCallbacks)e();this._postEventCallbacks=[]}markEvent(){if(this._eventMarked)throw new Error("event can't be marked twice");this._eventMarked=!0,this._triggerPostEventCallbacks()}}const ScriptTypes=["text/javascript","text/ecmascript","application/javascript","application/ecmascript","",void 0];function insertPagelet(e,t){return e.innerHTML=t,t=>_evaluateScripts(e,t)}function evaluateScript(e,t){const s=document.createElement("div");return s.innerHTML=e,_evaluateScripts(s,t)}function _evaluateScripts(e,t){const s=e.getElementsByTagName("script");for(let e=0;e<s.length;e++){const r=s[e];if(-1===ScriptTypes.indexOf(r.type))continue;const n=r.nonce||r.getAttribute("nonce"),o=window.CSP_SCRIPT_NONCE;if(o===n){if(r.src)throw new Error("Do not add scripts with src in the pagelet html, they should instead be loaded via requirejs or as pagelet dependencies");eval.call(window,r.innerHTML)}else t(o,n)}}const loaderOrder=["loadCssWithCache","CssEntryPoint","css-modules"],sortedLoaders=["css-modules"];function findInsertPosition(e,t,s){if(s[t].length>0){if(sortedLoaders.includes(t)){const r=s[t];for(let t=0;t<r.length;t++){const{elem:s,path:n}=r[t];if(n>e.path)return[s,t]}}return[s[t][s[t].length-1].elem.nextElementSibling,null]}const r=loaderOrder.indexOf(t);for(let e=r-1;e>=0;e--){const t=s[loaderOrder[e]];if(t.length>0)return[t[t.length-1].elem.nextElementSibling,null]}for(let e=r+1;e<loaderOrder.length;e++){const t=s[loaderOrder[e]];if(t.length>0)return[t[0].elem,null]}return[null,null]}function injectCssElement(e,t,s,r,n){e.elem.setAttribute("data-loader",t),e.elem instanceof HTMLStyleElement&&e.elem.setAttribute("path",e.path);let o=null,i=null;n||([o,i]=findInsertPosition(e,t,s)),null===i?s[t].push(e):s[t].splice(i,0,e),o?r.insertBefore(e.elem,o):r.appendChild(e.elem)}function injectCss(e,t,s=document){const r=s.defaultView;r.__injectCssCache||(r.__injectCssCache={loadCssWithCache:[],CssEntryPoint:[],"css-modules":[]});const n=r.__injectCssCache,o=sortedLoaders.includes(t);if(!o&&e.length>1){const[r]=findInsertPosition(e[0],t,n),i=s.createDocumentFragment();for(const s of e)injectCssElement(s,t,n,i,!o);null===r?s.head.appendChild(i):s.head.insertBefore(i,r)}else for(const r of e)injectCssElement(r,t,n,s.head,!1)}const _loadedCSS={},_CSSElements={};function appendLinkTags(e,t,s){const r=[];for(const e of t){const t=_CSSElements[e];if(t)if(_loadedCSS[e])s();else{const r=t.onload,n=t.onerror;t.onload=()=>{s(),r()},t.onerror=()=>{s({resource:e,type:"stylesheet"}),n()}}else{const t=document.createElement("link");t.href=e,t.rel="stylesheet",t.onload=()=>{_loadedCSS[e]=!0,s()},t.onerror=()=>{s({resource:e,type:"stylesheet"})},r.push({elem:t,path:e}),_CSSElements[e]=t}}injectCss(r,"CssEntryPoint",e)}function appendScriptTags(e,t,s){let r;window.hasOwnProperty("_csp_external_script_nonce")&&(r=window._csp_external_script_nonce);for(const n of t){const t=document.createElement("script");t.src=n,t.type="text/javascript",t.async=!0,t.onload=()=>{s()},t.onerror=()=>{s({resource:n,type:"script"})},r&&t.setAttribute("nonce",r),e.appendChild(t)}}class ResourceLoader{constructor(e,t){this.totalResources=0,this.loadedResources=0,this.onLoadCallbacks=[],this.errors=[],e.stylesheets&&(this.totalResources+=e.stylesheets.length),e.scripts&&(this.totalResources+=e.scripts.length),t&&this.onLoadCallbacks.push(t),0!==this.totalResources?this.loadResources(e.stylesheets,e.scripts):setTimeout(this.runCallbacks.bind(this),0)}isDoneLoading(){return this.loadedResources===this.totalResources}addOnLoadCallback(e){if(this.isDoneLoading())throw new Error("ResourceLoader error: added callback after resources have finished loading");this.onLoadCallbacks.push(e)}loadResources(e,t){const s=function(e){this.loadedResources+=1,e&&this.errors.push(e),this.loadedResources===this.totalResources&&this.runCallbacks()}.bind(this);if(e&&appendLinkTags(document,e,s),t){const e=document.createDocumentFragment();appendScriptTags(e,t,s),document.body.appendChild(e)}}runCallbacks(){let e;if(0!==this.errors.length){e={failedStylesheets:[],failedScripts:[]};for(const t of this.errors)"stylesheet"===t.type?e.failedStylesheets.push(t.resource):"script"===t.type&&e.failedScripts.push(t.resource)}for(let t=0;t<this.onLoadCallbacks.length;t++)this.onLoadCallbacks[t](e)}}function doFrameBust(e){if(e.mini_frame_bust){let e=!1;try{e=top.location.hostname===self.location.hostname}catch(e){}if(self!==top&&!e){setTimeout((()=>{window.DB_FRAME_BUST=!0,document.body.innerHTML="<img src='https://cfl.dropboxstatic.com/static/metaserver/static/images/logo.png' id='frame-bust-image'/>",document.getElementById("frame-bust-image").addEventListener("click",(function(e){top.location.href=window.location.href}))}),4);try{top.location.replace(self.location.href)}catch(e){console.error(e)}}}e.frame_bust&&self===top&&(document.body.style.display="")}class TTITracker{constructor(){this._postTTICallbacks=[],this.ttiMarked=!1}callAfterTTI(e){this.ttiMarked?e():this._postTTICallbacks.push(e)}_triggerPostTTICallbacks(){for(const e of this._postTTICallbacks)e();this._postTTICallbacks=[]}markTTI(){clearTimeout(this.ttiTimeoutId),setTimeout((()=>{this.ttiMarked=!0,this._triggerPostTTICallbacks();const e=document.createEvent("Event");e.initEvent("TTI",!0,!0),window.dispatchEvent(e)}),0)}startTTITimeout(e,t){this.ttiTimeoutId=setTimeout((()=>{t&&t(),this._triggerPostTTICallbacks()}),e)}}function validateObjectProperties(e,t,s){for(const r of Object.keys(s)){if(!Object.prototype.hasOwnProperty.call(t,r))throw new Error(e+" missing required property '"+r+"'");let n,o=!1;const i=s[r];if(null!==i)if("object"==typeof i?(n=i.kind,o=i.nullable):n=i,o){if(null!=t[r]&&typeof t[r]!==n)throw new Error(e+" property '"+r+"' has incorrect type. Expected '"+n+"' or null, got '"+typeof t[r]+"'")}else{const s=typeof t[r];if(s!==n)throw new Error(e+" property '"+r+"' has incorrect type. Expected '"+n+"', got '"+s+"'")}}}function validatePageletConfig(e){if(null==e)throw new Error("Pagelet config is null or undefined")

blah blah and goes on and on.....

Greg-DB

@terryz I see you're setting the "url" to "https://www.dropbox.com" now, instead of your shared link, and so you're retrieving the HTML of the Dropbox home page.

I also see that you're trying to set a "Path" header to "/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1", however that should be part of the HTTP start line, not a header.

The network client is generally expected to handle these details for you automatically; that is, you should be able to just supply the URL and it would handle the host and path details for you automatically.

If you set the "url" to the full shared link with this code, and don't set a "Path" header, does it get the expected file content? If the home page works but the shared link doesn't, it's possible your client just doesn't support redirects.

terryz

HI:

I am still stuck on this problem. I used this download link: https://uccef767ef880d6a3502e4b4c6d8.dl.dropboxusercontent.com/cd/0/get/B-vL_FjzfpbTyi_k94SzGhqqvG9QHT1CUYLd3C17VUfLzkEMfNwV5fvXZoYO1td1WZhJfBs0-chFbS12zcOEoEDCyh-NdZzUYp_Z-gMcL3lK5ebsNWJ3PozlzQLOW8oVaafVrlraw-iygnZkzZC3tinXOppvcp-L4E14ND29ah7CTtRdCaRMlBDjD6suA2naIsM/file?dl=1#

And I get the dropbox Error 400 "Something went wrong" page.

I am using this for the https request:

resp, resultcode, respheaders, respstatus = https.request{

url = rawname,

sink = ltn12.sink.file(io.open(fulllocalpath, "wb")),

protocol = "tlsv1_2",

verify = "none",

options = "all",

headers = {

["User-Agent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",

["Accept"] = "*/*",

["Referer"] = "https://www.dropbox.com/",

["Connection"] = "keep-alive",

}

Greg-DB

@terryz That particular link has expired now (and so fails with a 410), but I notice it does end with a "#". That would normally be fine, as network clients are supposed to automatically remove that before issuing a network request (curl does, for example), but it's possible that your network client is not doing so, and so corrupting the request. Can you try it with a new one of those links but manually remove the "#" first?

terryz

That gave me a 404 error..

Greg-DB

@terryz Can you double check that you only removed the "#" and did not otherwise modify the link? I can't reproduce that 404 with curl.

Also, note that these /cd/0/get/ links that result from the redirects can each only be used once, so you'd need to receive the link and remove the trailing "#" before you issue a request to it.

terryz

OK, progress!

It works now using the 1 time download link with the '#' removed.

However, a 1 time link is not practical in our application...

When I go back to the 'standard link' [https://www.dropbox.com/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=0], Iam still getting a 400 error code.

What goes on under the hood of dropbox that enables a web browser like Edge or chrome to use the 'standard' link continuously?

Greg-DB

@terryz Other clients/browsers support the ability to correctly handle redirects as well as withhold the "fragment" portion of the URL (the "#" part) when sending requests. These enable them to go from the original URL through to the final URL where the file data is returned. Based on what I've seen in this thread it appears the network client you're using does not correctly handle one or both of those behaviors.

By the way, I notice you have "dl=0" in your latest message, but that should be "dl=1" like you had in earlier messages. I expect you've already that had correct in your code previously, but it's worth checking since that parameter is necessary for this use case.

terryz

Correct, it was dl=1.

What I am getting back is the following header to the URL https://www.dropbox.com/s/y5jlwu5nfr3s8xe/FAULTMSG.CSV?dl=1 is the following;

Why am I getting back a response of 400 with a redirect link?

resultcode [400].
headers: x-dropbox-response-origin:local
headers: content-type:text/html
headers: location:https://uc16524db6bb71d5534145f43f41.dl.dropboxusercontent.com/cd/0/get/B-y6cEeORVMMdIB4gjagTUX1yqaznPpvtxEAaIMWaMgYvlPnz9gApnmN5Uh_Ol6TeuDQYDw5RVdUfpnhcrRyzWvx6e9jtmqpHChrnTp3lXMjGweuZPtT1dHIeSpCSlrGswTQc-fr6mhCFf5c9QNCUxEam3dIxAqAJvp30KVhoaeum4dSAVdzecaqBBgvWpzQOjQ/file?dl=1#
headers: vary:Accept-Encoding
headers: content-length:1005
headers: connection:close
headers: date:Tue, 27 Jun 2023 20:03:08 GMT
headers: server:envoy

Redirecting to: https://uc16524db6bb71d5534145f43f41.dl.dropboxusercontent.com/cd/0/get/B-y6cEeORVMMdIB4gjagTUX1yqaznPpvtxEAaIMWaMgYvlPnz9gApnmN5Uh_Ol6TeuDQYDw5RVdUfpnhcrRyzWvx6e9jtmqpHChrnTp3lXMjGweuZPtT1dHIeSpCSlrGswTQc-fr6mhCFf5c9QNCUxEam3dIxAqAJvp30KVhoaeum4dSAVdzecaqBBgvWpzQOjQ/file?dl=1

Greg-DB

A 400 like that indicates that there was something incorrect about the HTTP request issued by the client. (When following the redirects from the original link, there would be multiple requests made.)

For example, as we found it seems the client is incorrectly sending the fragment ("#") on that particular link.

Ultimately, as this does not reproduce with other clients, it appears this is an issue with the specific network client you're using. That client is not made by Dropbox and the behavior of that client is out of our control so we can't provide support for it in particular.

terryz

Hi - I do take out the '#' on the redirect link.

It is now working with the 'standard' link, however I am still getting a 400 error when I use the standard link https://www.dropbox.com/s/gxxxxxxxxblablahfile.TXT?dl=1. This returns error 400.

So I modified the code to ignore this error 400 and look for the redirect URL anyway, which is provided, despite getting the 400 from dropbox.com.

The code then strips off the trailing '#' character, and reissues new http request with the redirect link. The file is downloaded successfully, and the return code is now 200 - indicating success, which it is!

So...why am I getting a 400 error on the first http request with the standard link, but I still get a redirect URL to the file anyway, and then making the exact same http request except modifying the url to the redirect link, then get the file downloaded and code 200?

Here is my header setup - what is wrong with it causing the initial error 400?

resp, resultcode, respheaders, respstatus = https.request{
url = rawname,
sink = ltn12.sink.file(io.open(fulllocalpath, "wb")),
protocol = "tlsv1_2",
verify = "none",
options = "all",
--method = "GET",
headers = {
["User-Agent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
["Accept"] = "*/*",
["Connection"] = "keep-alive"
}
}