Remove Dropbox Onebox For Audio Links

Hi All,

The Dropbox Onebox works great generally - the pretty box with the folder/file name etc … but with some individual files (like mp3 etc) it attempts to ‘play’ the file with the inbuilt audio player.

https://www.dropbox.com/s/5n413v2420pgslc/James%20and%20Ric%202017.mp3?dl=0

Becomes

Now, Dropbox kind of doesn’t allow that kind of off-site streaming thing - it prefers you to land on their page and play it with their audio player.

• Is there a way to remove the onebox formatting on a link?
• Or, can the media player not attempt to play files from the Dropbox (and probably other cloud formats?) domain(s)

https://www.dropbox.com/s/5n413v2420pgslc/James%20and%20Ric%202017.mp3?dl=1

dl=1 works.

It’s a very strange quirky at Dropbox side, they should use the imgur convention (with file externsion is hotlinking and without a html page).

Odd - good tip for now … I’ll try to edit posts to dl=1.

I guess they are all going to have different conventions.

I know I’m zombie’ing an old thread… but uh, latest everything here in Big Sur… and these dropbox URLs no longer play in Safari. *sigh* . . .

Maybe it’s because the files got removed? I got some new ones in my Dropbox so we can test:

@Falco that audio file in your reply, when I click play the loading spinner just, spins.

Screen Shot 2021-03-02 at 07.01.271250×576 268 KB

If I grab the address…

Screen Shot 2021-03-02 at 07.02.091156×766 569 KB

it’s

https://www.dropbox.com/s/yerjh0ddm6rjs21/Wakka%20Wakka.mp3?dl=1

It does work fine on both my desktop and phone, but I can see how the multiple redirects can break it easily. I’d recommend anyone to upload those files directly to Discourse.

oh! good point…

HTTP/2 301 cache-control: no-cache,no-cache, no-store content-security-policy: sandbox content-type: text/html; charset=utf-8 date: Tue, 02 Mar 2021 16:17:05 GMT location: /s/dl/yerjh0ddm6rjs21/Wakka%20Wakka.mp3 pragma: no-cache referrer-policy: strict-origin-when-cross-origin server: envoy set-cookie: locale=en; Domain=dropbox.com; expires=Sun, 01 Mar 2026 16:17:05 GMT; Path=/; secure set-cookie: gvc=OTUwNzQ0Mzc3NzU2NjkxODM4OTE4NDk0MDgxMjAwNjgxMDIxMA%3D%3D; expires=Sun, 01 Mar 2026 16:17:05 GMT; httponly; Path=/; secure set-cookie: flash=; Domain=dropbox.com; expires=Tue, 02 Mar 2021 16:17:05 GMT; Path=/; secure set-cookie: puc=; expires=Tue, 02 Mar 2021 16:17:05 GMT; httponly; Path=/; secure set-cookie: bang=; Domain=dropbox.com; expires=Tue, 02 Mar 2021 16:17:05 GMT; Path=/; secure set-cookie: t=A0zo8e5fjm3PXvoUm3_M8Ore; Domain=dropbox.com; expires=Fri, 01 Mar 2024 16:17:05 GMT; httponly; Path=/; secure set-cookie: __Host-js_csrf=A0zo8e5fjm3PXvoUm3_M8Ore; expires=Fri, 01 Mar 2024 16:17:05 GMT; Path=/; secure x-content-type-options: nosniff x-frame-options: DENY x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow, noimageindex x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000; includeSubDomains strict-transport-security: max-age=31536000; includeSubDomains vary: Accept-Encoding x-dropbox-response-origin: far_remote x-dropbox-request-id: 014773fffd9744368958f7bd03e74ae3

tells me DB would prefer we use (for the file you shared above, dropping a dl=1 URL into your replly) …

https://www.dropbox.com/s/dl/yerjh0ddm6rjs21/Wakka%20Wakka.mp3

which just redirects again…

HTTP/2 302 cache-control: no-cache,no-cache, no-store content-security-policy: sandbox content-type: text/html; charset=utf-8 date: Tue, 02 Mar 2021 16:18:51 GMT location: https://uc210b381124f7e2c595f0144180.dl.dropboxusercontent.com/cd/0/get/BJ5026I61AGfxjUZw4UAy6BoWHpQbSEN0gROgXEQDAhej5g_ws5PGpMKoAWm2TFZ78wPD3W3jnOfiuXDCymHTnohQYszoTuUH5QxZXpRt3Ebjgzx5kywk-ucuWZRdlX1RC0/file?dl=1# pragma: no-cache referrer-policy: strict-origin-when-cross-origin server: envoy set-cookie: locale=en; Domain=dropbox.com; expires=Sun, 01 Mar 2026 16:18:51 GMT; Path=/; secure set-cookie: gvc=NjAxMjA0ODM0MjU5NzUxOTc0NzM5NTA4Mzk1NTUxODQ1NTYxMzI%3D; expires=Sun, 01 Mar 2026 16:18:51 GMT; httponly; Path=/; secure set-cookie: flash=; Domain=dropbox.com; expires=Tue, 02 Mar 2021 16:18:51 GMT; Path=/; secure set-cookie: puc=; expires=Tue, 02 Mar 2021 16:18:51 GMT; httponly; Path=/; secure set-cookie: bang=; Domain=dropbox.com; expires=Tue, 02 Mar 2021 16:18:51 GMT; Path=/; secure set-cookie: t=h92aZNHZPxQ0OvaeouTFBVK-; Domain=dropbox.com; expires=Fri, 01 Mar 2024 16:18:51 GMT; httponly; Path=/; secure set-cookie: __Host-js_csrf=h92aZNHZPxQ0OvaeouTFBVK-; expires=Fri, 01 Mar 2024 16:18:51 GMT; Path=/; secure x-content-type-options: nosniff x-frame-options: DENY x-permitted-cross-domain-policies: none x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000; includeSubDomains strict-transport-security: max-age=31536000; includeSubDomains vary: Accept-Encoding x-dropbox-response-origin: far_remote x-dropbox-request-id: 29b87eb2e3ef458f9490ba6f202d95af

to

https://uc210b381124f7e2c595f0144180.dl.dropboxusercontent.com/cd/0/get/BJ5026I61AGfxjUZw4UAy6BoWHpQbSEN0gROgXEQDAhej5g_ws5PGpMKoAWm2TFZ78wPD3W3jnOfiuXDCymHTnohQYszoTuUH5QxZXpRt3Ebjgzx5kywk-ucuWZRdlX1RC0/file?dl=1#

let’s see, what does that do if I drop it in here . . .

https://uc210b381124f7e2c595f0144180.dl.dropboxusercontent.com/cd/0/get/BJ5026I61AGfxjUZw4UAy6BoWHpQbSEN0gROgXEQDAhej5g_ws5PGpMKoAWm2TFZ78wPD3W3jnOfiuXDCymHTnohQYszoTuUH5QxZXpRt3Ebjgzx5kywk-ucuWZRdlX1RC0/file?dl=1#

¯\_(ツ)_/¯ yet another reason I’ll add to my list of reasons why I don’t use Dropbox

To be fair, Dropbox never claims to be a hotlink storage service like, for example, Imgur is.

If you will use Discourse extensively with media files like that you have plenty of alternatives:

• Direct upload to Discourse (that can optionally be backed by an Object Storage service and shielded by a CDN)

• Dozens of specialized services for media hosting with embeds allowed, like Youtube, Vimeo, Soundcloud, Peertube, etc.

Hi @craigconstantine (nice to see you) have you remembered about dropbox shares where the original dropbox share link has dl=0 at the end - if you edit this to raw=1 it should work as a player that works for most people using different OS and browsers. The details are on DB but I may be slightly missing the point about multiple redirects. Hope it helps.

https://www.dropbox.com/s/yerjh0ddm6rjs21/Wakka%20Wakka.mp3?raw=1

…no that’s the whole point here. It doesn’t work any more on Safari. You’re dropbox URL to the mp3, generates what looks like an audio player, but it doesn’t actually play.

My bad - didn’t read far enough back

In Chrome on a Mac it sometimes won’t play but a hard reload (Cmd-Shift-R in Chrome) reloads the page and makes it playable. On Safari it is Shift-reload but it doesn’t make it playable.

Got it now - in Safari I see spinning, then this

I am still on Catalina and it doesn’t work - wonder where the change has happened?

maybe we have to avoid pretty players which would be a shame - if you include the link as an inline HTML hypertext the dropbox shared link ending of dl=0 produces a new browser window and Dropbox preview and play page; dl=1 forces a download; and raw=1 produces a new browser window with a pretty player as in Discourse and starts playing. Not sure that helps but may give a useful option for you.

Hi @Falco would that need adjustment to the upload file size limit in admin? or use of an Object Storage service/CDN as you mentioned earlier?

If you plan on uploading files larger than the default limit you can increase it following Changing Max Attachment Size

If you can afford to pay for an Object Storage service and you community will be uploading large files it’s certainly the correct choice

Hi There. Just saw this thread. To recap as I understand it:

1. Right now, if you include a dropbox audio link in discourse, it will try to “onebox” it–so it will try to convert the link into an audio player you can play in the discourse post itself.

2. But, dropbox doesn’t allow remote playing. So, users will just see an audio player that won’t actually play. You could try appending ?d1=1 to the end of the link to enable the audio player to play, but this actually doesn’t work either in most browsers (it doesn’t work in my update chrome, for example).

3. The alternative is to have people upload the file directly–but that could get expensive as audio files can get large, or use something other than dropbox.

The original question in the first post here still seems valid to me–if the one-boxing “won’t work”, then it would be nice to turn off the oneboxing for the link, so users can get the most straightforward result–a link that allows them to access the actual file on dropbox.

Users probably won’t understand steps 1-3 I just laid out. They will just assume a dropbox link will either (1) play automatically or (2) take you to the dropbox site where it will play. So it would be nice to just give them the link to click on to go dropbox to view the file, if the file won’t play.

Have you tried entering dropbox.com (or whatever the proper domain name is) in “blocked onebox domains” in the site settings?

Good idea–I tested it, with a surprising result:

1. In the blocked onebox domains settings, I entered: www.dropbox.com, https://dropbox.com, dropbox, https://www.dropbox.com (I wasn’t sure what the right variation was, so wanted to cover my bases).

2. After I did that, audio files did not onebox or convert into a (unusable) audio player–they just stayed as the dropbox link. So long as dropbox won’t play audio on non-dropbox sites, this seems like the best result for audio.

3. But: Other dropbox oneboxing still seemed to happen (surprisingly), even with dropbox entered in the blocked onebox domain settings. For example, pasting in a dropbox image link still showed the image itself in the discourse post.

At a guess, it might be that the audio URLs were on www.dropbox.com and being blocked by the first thing you entered while the images were on dropbox.com or somethingelse.dropbox.com and not being blocked by the other values you’ve entered.

It’s not completely clear from the description but that setting applies to the domain entered and all subdomains. So entering a value of exactly dropbox.com will block dropbox.com, www.dropbox.com and anythingelse.dropbox.com