Content security policies for web apps


Your web app may behave in unexpected ways if your Domino deployment has IFrame security enabled or if it requires a content security policy to be defined for web apps. Specifically, this could affect your web app’s access to external resources (images, APIs, etc.). If your web app requires access to certain resources to function properly, your Domino administrator may need to whitelist those resources.

Identifying resources that need to be whitelisted

To give your web app access to external resources that may be blocked, you’ll need to identify and gather the URLs of those resources using your web browser.

  1. Open your preferred web browser.

  2. Navigate to your web app in Domino.

  3. Start and open your web app.

  4. Once the app is open and running, open your browser’s web console.

  5. Locate the URL(s) of the resources your app needs to access. In Chrome, they’re highlighted in red and are typically preceded by a message like “Refused to connect to…” (or similar).


  1. Share these URLs with your Domino administrator and request that the URLs be whitelisted.

  2. After the URLs are whitelisted, stop and restart your Domino web app. Your web app should now have access to these resources.

If you’re a Domino administrator, please refer to the following documentation in the Administrator’s Guide: Web App Central Configuration.