Cross-Origin Security in Domino web apps

Published Domino web apps are served in an HTML Inline Frame, or iframe. By default, Domino enables the “sandbox” attribute for the iframe. The “sandbox” attribute applies extra security restrictions to your web app, like blocking cross-origin requests, form submissions, script executions, and much more. To learn more about these extra security restrictions, please read the “sandbox” attribute notes in the following resource: HTML Inline Frame Attributes.


Your web app may not function properly if it uses AJAX requests or stores information in cookies or localstorage. If you’d like to change this behavior, please contact your Domino administrator.