Versions Compared

Old Version 5

changes.mady.by.user user-232a4

Saved on

compared with

New Version 6

changes.mady.by.user Julia Shaptala

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Problem

...

and Symptoms

All of a sudden, starting You successfully configured the WebSpellChecker Cloud product (WProofreader, SCAYT) or used the Web API services, but then suddenly, after August 5, 2021, the spell checking service stops working and you see tstopped working despite the fact that previous it worked properly. There are CORS errors in browser console and failed request observed in network tabs.

Affected products/integrations: WProofreader add-on for RTEs, WProofreader plugin for CKEditor 5, SCAYT and Spell Check Dialog (WSC) plugins for CKEditor 4 untilizing the Cloud version.

Here he CORS error in the console. Below is an example of such an error thrown in the browser console:

Warning
Access to XMLHttpRequest at 'http://
staging
svc.webspellchecker.net/spellcheck31/script/ssrv.cgi' from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

wscbundle.js?_=1628087864273:40 The WebSpellChecker Service is currently unavailable. POST http://
staging
svc.webspellchecker.net/spellcheck31/script/ssrv.cgi net::ERR_FAILED
Root cause
Effective August 5, 2021, we introduced the security update/improvement for all cloud services that restrics the access to the service over HTTP. Technically, all the requests to HTTP are redirected to HTTPS. It works properly for static web content and direct API requests but not for API requests originated from other originals which are blocked by cross-origin resource sharing (CORS) policy.   
Solution
To solve the issue, change the product configuration settings from HTTP to HTTPS. 
Within our security improvements, on August 5, 2021, we restricted the ability to send the spelling and grammar check requests via HTTP to our Cloud. It is a common practice to improve the security of both the servers themselves and the data they process. To solve this case, your participation is required.
the service resources must be loaded via HTTPS. Thus, the updates in the configuration of the service are required. It doesn't mean that you need to change the configuration of your website or web app to HTTPS right away. However, it is highly recommended as a modern best practice to ensure data security, integrity and privacy.
SCAYT & WSC plugins for CKEditor 4
If For example, if you are using the plugins for CKEditor 4, please add the scayt_srcUrl (for SCAYT) or config. wsc_customLoaderScript (for WSC) to CKEditor config.js along with the rest settings that will load the plugin resources via HTTPS.
 Code Block
// for SCAYT
config.scayt_srcUrl ='https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js';

// for WSC
config.wsc_customLoaderScript = 'https://svc.webspellchecker.net/spellcheck/lf/22/js/wsc_fck2plugin.js';  
WProofreader add-on for RTEs
In case of WProofreader integration, just load wscbundle.js script over HTTPS.For WProofeader, you have to make changes to the src script:
 Code Block
<script type="text/javascript" src="https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js"></script>