Problem and Symptoms
All of a sudden, starting August 5, 2021, the spell checking service stopped working despite the fact that previous it worked properly. There are CORS errors in browser console and failed request observed in network tabs.
Affected products/integrations: WProofreader add-on for RTEs, WProofreader plugin for CKEditor 5, SCAYT and Spell Check Dialog (WSC) plugins for CKEditor 4 untilizing the Cloud version.
Here is an example of an error thrown in the browser console:
Access to XMLHttpRequest at 'http://svc.webspellchecker.net/spellcheck31/script/ssrv.cgi'
from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
wscbundle.js?_=1628087864273:40 The WebSpellChecker Service is currently unavailable.
POST http://svc.webspellchecker.net/spellcheck31/script/ssrv.cgi net::ERR_FAILED
Effective August 5, 2021, we introduced the security update/improvement for all cloud services that restrics the access to the service over HTTP. Technically, all the requests to HTTP are redirected to HTTPS. It works properly for static web content and direct API requests but not for API requests originated from other originals which are blocked by cross-origin resource sharing (CORS) policy.
To solve the issue, the service resources must be loaded via HTTPS. Thus, the updates in the configuration of the service are required. It doesn't mean that you need to change the configuration of your website or web app to HTTPS right away. However, it is highly recommended as a modern best practice to ensure data security, integrity and privacy.
SCAYT & WSC plugins for CKEditor 4
If you are using the plugins for CKEditor 4, please add the scayt_srcUrl (for SCAYT) or wsc_customLoaderScript (for WSC) to CKEditor config.js along with the rest settings that will load the plugin resources via HTTPS.
WProofreader add-on for RTEs
In case of WProofreader integration, just load wscbundle.js script over HTTPS.