Dynamic Web TWAIN: Content Security Policy

 Facts

  1. Out of security concerns, many websites implement Content Security Policy (CSP) to help detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks, etc. More info>>>
  2. Dynamic Web TWAIN is designed to run in client-side browsers. It requires that the web pages where it is embedded to allow its scripts to run as well as its resource files to be downloaded. These scripts and files are all put together in the /Resources/ directory by default.

Issue

Because of the facts above, when a web page that wishes to use Dynamic Web TWAIN has been configured by CSP to disallow execution of the required scripts or downloading of the required files, Dynamic Web TWAIN will not run properly.

Solution

The web page developer or the website administrator needs to update the CSP policies so that the required scripts can be allowed for execution and the required files allowed downloading.