Skip to content

eSCL should use full Location header when scanning.

Sane fails to scan using eSCL from a Lexmark MC3224dwe (and probably others) because it assumes the url of the job always starts with /eSCL/ScanJobs instead of using the full url as provided in the Location header send by the device when starting a new job. This Lexmark scanner sends a location header /eSCL/ScanJob/<guid> (notice the missing s) as the job url.

This was captured from the network:

POST /eSCL/ScanJobs HTTP/1.1
Host: 10.0.0.221
Accept: */*
Content-Length: 823
Content-Type: application/x-www-form-urlencoded

<?xml version="1.0" encoding="UTF-8"?><scan:ScanSettings xmlns:pwg="http://www.pwg.org/schemas/2010/12/sm" xmlns:scan="http://schemas.hp.com/imaging/escl/2011/05/03">   <pwg:Version>2.0</pwg:Version>   <pwg:ScanRegions>      <pwg:ScanRegion>          <pwg:ContentRegionUnits>escl:ThreeHundredthsOfInches</pwg:ContentRegionUnits>          <pwg:Height>0</pwg:Height>          <pwg:Width>0</pwg:Width>          <pwg:XOffset>0</pwg:XOffset>          <pwg:YOffset>0</pwg:YOffset>      </pwg:ScanRegion>   </pwg:ScanRegions>   <pwg:DocumentFormat>image/jpeg</pwg:DocumentFormat>   <scan:DocumentFormatExt>image/jpeg</scan:DocumentFormatExt>   <scan:ColorMode>RGB24</scan:ColorMode>   <scan:XResolution>75</scan:XResolution>   <scan:YResolution>75</scan:YResolution>   <pwg:InputSource>Platen</pwg:InputSource></scan:ScanSettings>

HTTP/1.1 201 Created
Date: Fri, 11 Jun 2021 11:47:19 GMT
Server: Lexmark_Web_Server
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
Location: http://10.0.0.221/eSCL/ScanJob/173f53b8-3f7c-4fc6-9405-e95c04d359cd
Content-Length: 0
X-XSS-Protection: 1; mode=block
Content-Security-Policy:     default-src 'none';    script-src 'self' 'unsafe-eval' 'unsafe-inline';    style-src 'self' 'unsafe-inline';    img-src 'self' data: https:;    connect-src *;    frame-src 'self' 'unsafe-inline' 'unsafe-eval';    font-src 'self'
X-Content-Type-Options: nosniff
GET /eSCL/ScanJobs/173f53b8-3f7c-4fc6-9405-e95c04d359cd/NextDocument HTTP/1.1
Host: 10.0.0.221
Accept: */*

HTTP/1.1 400 Bad Request
Date: Fri, 11 Jun 2021 11:47:19 GMT
Server: Lexmark_Web_Server
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
Content-Length: 0
X-XSS-Protection: 1; mode=block
Content-Security-Policy:     default-src 'none';    script-src 'self' 'unsafe-eval' 'unsafe-inline';    style-src 'self' 'unsafe-inline';    img-src 'self' data: https:;    connect-src *;    frame-src 'self' 'unsafe-inline' 'unsafe-eval';    font-src 'self'
X-Content-Type-Options: nosniff
Connection: close

Notice how the NextDocument request is send to a URL that is different from the one specified in the Location header of the first request. Using the specified location seems to work, at least when testing with https://github.com/ziman/scan-eSCL/blob/master/scan.py

It might be that Lexmark is not adhering to the eSCL spec here, but it seems sensible to me to actually use the Location specified instead of assuming it follows a certain pattern (at least the path, moving to a different host might have security implications).

Edited by AVee1
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information