Invalid character when scanning document by using Dynamic Web TWAIN HTML5 driver

When scanning a document by using Dynamic Web TWAIN HTML5 driver, the response header shows an invalid character (*).

Symptoms

When scanning a document using Dynamic Web TWAIN HTML5 driver, the response header shows an invalid character (*).

Example:

HTTP/1.1 200 OK
Connection:keep-alive
Server: dynamic_lws
Access-Control-Allow-Origin:*
Content-Type: text/json
Content-Length: 100
{
   "id" : "901931755",
   "method" : "IfAllowLocalCache",
   "result" : [ true ],
        "cmdId" : ""
}

Causes

The Dynamic Web TWAIN HTML5 Driver had a security vulnerability in which Access-Control-Allow-Origin in the response header was set to the wildcard character (*).

Resolving the problem

User response: The security vulnerability in Dynamic Web TWAIN HTML5 Driver was fixed by setting the Access-Control-Allow-Origin in response header to the authorized URL used to access the service.

To implement this fix, complete the following steps:
  1. Before you connect a workstation to Datacap Navigator, uninstall the currently installed version of the Dynamic Web TWAIN HTML5 Driver by using the Programs and Features option in Microsoft Windows Control Panel.
  2. The next time that you use the Scan task from Datacap Navigator Job Monitor, the system will prompt you to download DynamicWebTWAINHTML5Edition.exe.
  3. Download this executable file and follow the installation wizard to complete the installation. Verify that the installed version is 12.2.7427.
  4. Now, proceed with the Scan task. You are prompted to authorize the operation by selecting one of the following options:
    • Allow Once
    • Always Allow
    • Block Once
    • Always Block

The Allow Once and Block Once options are only applied for the current session, whereas the Always Allow and Always Block options remain effective until changed by the user.

System administrator response: The following updated files are available in the directory [Datacap install folder]\tmweb.java.
  • DynamicWebTWAINHTML5Edition.msi: For Microsoft Windows
  • DynamicWebTWAINHTML5MACFullEdition.pkg: For Apple Mac OS
The system administrators must use the appropriate file to preinstall the updated Dynamic Web TWAIN HTML5 Driver on any scan workstation that connects to the updated Datacap Navigator server.
Note: Do not use any other MSI file in the [Datacap install folder]\tmweb.java directory.

Result:

After you install the updated Dynamic Web TWAIN HTML5 Driver and perform the document scan action, the response header displays an authorized URL in place of the wildcard character (*).

Example:


HTTP/1.1 200 OK
Connection:keep-alive
Server: dynamic_lws
Access-Control-Allow-Origin:<my_allowed-url>
Content-Type: text/json
Content-Length: 100
{
   "id" : "901931755",
   "method" : "IfAllowLocalCache",
   "result" : [ true ],
        "cmdId" : ""
}