CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

Problem and Symptoms

All of a sudden, starting August 5, 2021, the proofreading service stopped working despite the fact that previous it worked properly. There are CORS errors in the browser console and failed requests observed in network tabs.

Affected products/integrations: WProofreader add-on for RTEs, WProofreader plugin for CKEditor 5, SCAYT plugin for CKEditor 4 utilizing the Cloud version.

Here is an example of an error thrown in the browser console:

Access to XMLHttpRequest at '' 
from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

wscbundle.js?_=1628087864273:40 The WebSpellChecker Service is currently unavailable. 
POST  net::ERR_FAILED

Root cause

Effective August 5, 2021, we introduced the security update/improvement for all cloud services that restrict access to the service over HTTP. Technically, all the requests to HTTP are redirected to HTTPS. It works properly for static web content and direct API requests but not for API requests originated from other originals which are blocked by the cross-origin resource sharing (CORS) policy.

Solution

To solve the issue, the service resources must be loaded via HTTPS. Thus, updates in the configuration of the service are required. It doesn't mean that you need to change the configuration of your website or web app to HTTPS right away. However, it is highly recommended as a modern best practice to ensure data security, integrity, and privacy.

SCAYT plugin for CKEditor 4

If you are using the SCAYT plugin for CKEditor 4, please add the scayt_srcUrl to CKEditor config.js along with the rest settings that will load the plugin resources via HTTPS.

config.scayt_srcUrl ='https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js';

WProofreader add-on for RTEs

In the case of WProofreader integration, just load the wscbundle.js script over HTTPS.