why do Zebra to update the core software to solve the CORS problem.

will add header to the printer response can solve the problem?

Hi, I'm not sure I understand the question, but yes, having the 'ACCESS-ORIGIN' portion of the header in the http response from the printer should solve most of the CORS issue.  We have not updated the firmware to solve this for several reasons.  The priority has been more focused on providing connectivity through other methods that serve the greater market and are more secure.

Vote: 
Vote up!
Vote down!

Points: 0

You voted ‘up’


Thanks Robin.

1, I think It may be simple to update firmware with header 'ACCESS-ORIGIN'. If consider secure, can let let users to set whether add the header to it.

2, If it is solved, SAAS based on web will be well-supported. As SAAS is on internet, while usually the printer in office.

My project for example, we choose GT 820/GT 800/gk888.

BY THE WAY,  I have looked into Browser Print​ . It does not support GT 820/GT 800/gk888.

Vote: 
Vote up!
Vote down!

Points: 0

You voted ‘up’


BTW, I think browser print is not good idea. If the cors and https solved, we can scan printers via http. and it's better to add zebra information to header.

Vote: 
Vote up!
Vote down!

Points: 0

You voted ‘up’


Hi, Robin

can try "Access-Control-Allow-Origin"='*"

Vote: 
Vote up!
Vote down!

Points: 0

You voted ‘up’


Hi Shaoxiong,

We do know the method to fix the issue.  The reason we have not done this yet are many.  It is not as simple as just updating the header.  We would want to support HTTPS.  We would also want to allow for a more robust response than the current implementation provides.  Currently the printer responds with a 200 OK as long as it received the data, regardless if it is capable of printing at that moment. There is also a valid concern that it might be a security vulnerability.  Overall the entire system would need to be updated. 

We have to balance this against the other priorities.  The priority for the printer firmware team this year has been on security and releasing new printer products.  There are several methods to handle printing from websites, although I grant that http post is the easiest for external developers to implement.

Vote: 
Vote up!
Vote down!

Points: 0

You voted ‘up’


Is there any news on this issue? I understand the security concerns, but why not allow us to enable the wildcard access-control-allow-origin manually? Our clients print from various devices such a tablets and mobile phones, so browser print isn't an option. Even with the CORS issue, I got the printer to accept and print requests from all current browsers, even Safari - but a proper response would still be much cleaner.

Vote: 
Vote up!
Vote down!

Points: 0

You voted ‘up’


There is a very simple change that Zebra could make in the firmware to deal with the CORS issue being discussed here.
Your document: HTTP Post AppNote 2456949.667535 of October 19, 2014 on page 4 describes the response the printer gives
after receiving the POST request. It always responds with a fixed string.

HTTP/1.1 200 OK
Content-Type: text/html
Expires: Sat, 01 Jan 2000 00:00:00 GMT

All Zebra needs to do to fix the problem is append the following line to to this fixed string:

Access-Control-Allow-Origin: *

As for security concerns, this trivial change in the response header would simply allow access to the printer that has always been available (and is still allowed by older browsers and other TCP/IP software such as curl). You would simply be allowing modern browsers to to access the printer exactly as was done before browsers added CORS limitations. There is currently no actual security occurring anyway, as the printer still prints the request, but javascript in the browser thinks an error occurred.
Yes, a more robust implementation of the HTTP method response would be nice-to-have, but this is a bug (caused by updated browsers).

Vote: 
Vote up!
Vote down!

Points: 0

You voted ‘up’