Improved Features
Bug Fixed
Project Deployment and End-user Installation
Dynamic Web TWAIN issue in Chrome 101
Symptom
In Chrome 101+, when visiting a website that has Dynamic Web TWAIN SDK v17.2 or older integrated into the application, you may see the following error message in the browser console. For the end users of your website, they may be prompted repeatedly to download and install the Dynamsoft Service.
NOTE that the same issue will also occur in any browser based on Chromium 101+, such as Microsoft Edge 101.
“Access to XMLHttpRequest at 'https://local.dynamsoft.com:****' from origin 'https://yourwebsiteURL' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Private-Network' header was present in the preflight response for this private network request targeting the `local` address space.”
Chrome 101 is expected to be released in April 2022. In Chrome 98, you may have already noticed the following warning/error message in the browser console, but it is not expected to cause any immediate issues.
“A site requested a resource from a network that it could only access because of its users' privileged network position. These requests expose devices and servers to the internet, increasing the risk of a cross-site request forgery (CSRF) attack, and/or information leakage.
To mitigate these risks, Chrome will require non-public sub-resources to opt-into being accessed with a preflight request and will start blocking them in Chrome 101 (April 2022).”
Cause
As a part of the Private Network Access (PNA) specification, Chrome is deprecating direct access to private network endpoints from public websites. In Chrome 101, Chrome will enforce explicit permission from private network endpoints before requests from public websites can be allowed.
Dynamic Web TWAIN utilizes a local service named ‘Dynamsoft Service’ to support document scanning from physical scanners. Your web scanning page needs to make requests to localhost or 127.0.0.1 to communicate with the local service. In Chrome 101, the connection from your public website to the private network (i.e. localhost/127.0.0.1) will be blocked.
Resolution
You can apply one of the following solutions:
In version 17.2.1, we have made changes to handle preflight requests on our end to resolve the issue. You can test the latest version with our free trial and when you are ready to upgrade, please contact us to request the upgrade.
Please note that once upgraded, the Dynamosft Service on all client machines also need to be updated. You may consider installing Dynamsoft Service silently.
If you have administrative control over your users, you can disable Private Network Access checks.
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved