Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

filesListFolderLongpoll() causes CORS preflight error

See original GitHub issue

XMLHttpRequest cannot load https://notify.dropboxapi.com/2/files/list_folder/longpoll.
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 501.

Tested on macOS Chrome (54.0.2840.71 (64-bit)), Safari (10.0.1 (11602.2.14.0.7)) & Firefox (49.0.2).

This seems unrelated to #42 (or associated issues) because domain is notify.dropboxapi.com not api.dropboxapi.com.

Can also be reproduced with following XHR request:

var xhr = new XMLHttpRequest();
xhr.open("POST", "https://notify.dropboxapi.com/2/files/list_folder/longpoll");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.send(JSON.stringify({cursor: "AAG9UMjHQxjlfNX_rOPsVO0W27HIkPlD-xBu0rETcMhuWsprxpgE-94NVr29SIgJfGlFokxPbJSuTG6ryGD01d_amqnijqi0fcXp2cdkYeq63krcuD9jKVeU4kbBNSLfXzswS-NXCJJF1IA_AUeL_h4ZKFyuJIuVRQNodUu8EOo0Vw"}));
// I assume you'll need to provide a cursor value that matches your own account

It seems it is the Content-Type “application/json” header that is triggering the CORS prefilght. The suggested Content-Type “text/plain;charset=dropbox-cors-hack” hack doesn’t work as all 3 browsers I tested rewrite to “text/plain” which result in a 400 Bad request.