Dynamic Web TWAIN v17.2.1 is released

Improved Features

• Made changes to handle CORS preflight requests sent by Chrome from V98.
• For Chromium V84+, use user Agent Data instead of user Agent in response to User Agent String phasing out issue.

Bug Fixed

• Fixed a bug where Dynamsoft Service installation/uninstallation failed due to the current user account does not match the user account under C:\Users{account}.
• [HTML5 on Mac OS] Fixed a bug where the short key (set by organization ID) did not work on Mac OS 12+.
• Fixed a bug where the mouse wheel did not work when the mouse was over the viewer.
• [HTML5 on Mac OS] Fixed a bug where buttons were not visible during Dynamic Web TWAIN/Dynamsoft Service installation when using dark mode.

Project Deployment and End-user Installation

Dynamic Web TWAIN issue in Chrome 101

Symptom

In Chrome 101+, when visiting a website that has Dynamic Web TWAIN SDK v17.2 or older integrated into the application, you may see the following error message in the browser console. For the end users of your website, they may be prompted repeatedly to download and install the Dynamsoft Service.

NOTE that the same issue will also occur in any browser based on Chromium 101+, such as Microsoft Edge 101.

“Access to XMLHttpRequest at 'https://local.dynamsoft.com:****' from origin 'https://yourwebsiteURL' has been blocked by CORS policy:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Private-Network' header was present in the preflight response for this private network request targeting the `local` address space.”

Chrome 101 is expected to be released in April 2022. In Chrome 98, you may have already noticed the following warning/error message in the browser console, but it is not expected to cause any immediate issues.

“A site requested a resource from a network that it could only access because of its users' privileged network position. These requests expose devices and servers to the internet, increasing the risk of a cross-site request forgery (CSRF) attack, and/or information leakage.

To mitigate these risks, Chrome will require non-public sub-resources to opt-into being accessed with a preflight request and will start blocking them in Chrome 101 (April 2022).”

Cause

As a part of the Private Network Access (PNA) specification, Chrome is deprecating direct access to private network endpoints from public websites. In Chrome 101, Chrome will enforce explicit permission from private network endpoints before requests from public websites can be allowed.

Dynamic Web TWAIN utilizes a local service named ‘Dynamsoft Service’ to support document scanning from physical scanners. Your web scanning page needs to make requests to localhost or 127.0.0.1 to communicate with the local service. In Chrome 101, the connection from your public website to the private network (i.e. localhost/127.0.0.1) will be blocked.

Resolution

You can apply one of the following solutions:

• Upgrade Dynamic Web TWAIN SDK to version 17.2.1 or later

In version 17.2.1, we have made changes to handle preflight requests on our end to resolve the issue. You can test the latest version with our free trial and when you are ready to upgrade, please contact us to request the upgrade.

Please note that once upgraded, the Dynamosft Service on all client machines also need to be updated. You may consider installing Dynamsoft Service silently.

• Disable Private Network Access checks using enterprise policies

If you have administrative control over your users, you can disable Private Network Access checks.