There is a very simple change that Zebra could make in the firmware to deal with the CORS issue being discussed here.
Your document: HTTP Post AppNote 2456949.667535 of October 19, 2014 on page 4 describes the response the printer gives
after receiving the POST request. It always responds with a fixed string.
HTTP/1.1 200 OK
Content-Type: text/html
Expires: Sat, 01 Jan 2000 00:00:00 GMT
All Zebra needs to do to fix the problem is append the following line to to this fixed string:
Access-Control-Allow-Origin: *
As for security concerns, this trivial change in the response header would simply allow access to the printer that has always been available (and is still allowed by older browsers and other TCP/IP software such as curl). You would simply be allowing modern browsers to to access the printer exactly as was done before browsers added CORS limitations. There is currently no actual security occurring anyway, as the printer still prints the request, but javascript in the browser thinks an error occurred.
Yes, a more robust implementation of the HTTP method response would be nice-to-have, but this is a bug (caused by updated browsers).
Hi, I'm not sure I understand the question, but yes, having the 'ACCESS-ORIGIN' portion of the header in the http response from the printer should solve most of the CORS issue. We have not updated the firmware to solve this for several reasons. The priority has been more focused on providing connectivity through other methods that serve the greater market and are more secure.
2 Replies
There is a very simple change that Zebra could make in the firmware to deal with the CORS issue being discussed here.
Your document: HTTP Post AppNote 2456949.667535 of October 19, 2014 on page 4 describes the response the printer gives
after receiving the POST request. It always responds with a fixed string.
HTTP/1.1 200 OK
Content-Type: text/html
Expires: Sat, 01 Jan 2000 00:00:00 GMT
All Zebra needs to do to fix the problem is append the following line to to this fixed string:
Access-Control-Allow-Origin: *
As for security concerns, this trivial change in the response header would simply allow access to the printer that has always been available (and is still allowed by older browsers and other TCP/IP software such as curl). You would simply be allowing modern browsers to to access the printer exactly as was done before browsers added CORS limitations. There is currently no actual security occurring anyway, as the printer still prints the request, but javascript in the browser thinks an error occurred.
Yes, a more robust implementation of the HTTP method response would be nice-to-have, but this is a bug (caused by updated browsers).
Hi, I'm not sure I understand the question, but yes, having the 'ACCESS-ORIGIN' portion of the header in the http response from the printer should solve most of the CORS issue. We have not updated the firmware to solve this for several reasons. The priority has been more focused on providing connectivity through other methods that serve the greater market and are more secure.