Secure your Domino app with access control and permissions.
Manage access with the Permission tab:
- Anyone, including anonymous users - In this mode, anyone with the URL can access your app, even if they don’t have a Domino account.
- Anyone with an account - Anyone logged in to Domino with an account can access the app.
- Invited users only - Only users you explicitly invite can access the app.
- Invited users (others can request access) - Only users you explicitly invite can access the app, but users can request access (that you can approve).
You might want to create apps that need to know who uses them. For example, this is useful if you want to load specific default values or preferences, or if you want to access different data based on who views your app.
To enable this, Domino passes the username of a user who accesses your Domino app in an HTTP header named domino-username.
If your app framework gives you access to the HTTP headers of the active request, retrieve the domino-username header for use by your app code. If you allow users who are not logged in to Domino to view your apps, the value of the domino-username header is Anonymous.
Note: This identity header is only available when you use app frameworks that support proxied HTTP headers. This header is supported by Flask and Dash by default, but Shiny requires that you use Server Pro.
Access username example
Create the files for this Flask example that gets the Domino username of an app viewer in your project:
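```bash
#!/usr/bin/env bash
export LC_ALL=C.UTF-8
export LANG=C.UTF-8
export FLASK_APP=app.py
# FLASK_DEBUG=1 turns on the Werkzeug debugger and reloader;
# use 0 for an app you share with other users.
export FLASK_DEBUG=1
python -m flask run --host=0.0.0.0 --port=8888
```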
Here is a simple app.py file that renders a template named index.html.
This app imports request from flask, which gives you access to the headers of the active HTTP request.
```python
import flask
from flask import request, redirect, url_for


class ReverseProxied(object):
    """WSGI middleware that applies the script name sent by the reverse proxy."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # The proxy passes the app's URL prefix in the X-Script-Name header.
        script_name = environ.get('HTTP_X_SCRIPT_NAME', '')
        if script_name:
            environ['SCRIPT_NAME'] = script_name
            path_info = environ['PATH_INFO']
            # Strip the prefix so that Flask routes match.
            if path_info.startswith(script_name):
                environ['PATH_INFO'] = path_info[len(script_name):]
        return self.app(environ, start_response)


app = flask.Flask(__name__)
app.wsgi_app = ReverseProxied(app.wsgi_app)


# Homepage which uses a template file
@app.route('/')
def index_page():
    return flask.render_template("index.html")
```
There is a template file at templates/index.html that fetches the domino-username header from the request object and renders it.
```html
<!DOCTYPE html>
<html>
  <body>
    <h1>Your username is {{ request.headers.get("domino-username") }}</h1>
  </body>
</html>
```
If you host this app in Domino and open it, you’ll see something like this where the username shown matches the username of the app user.
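The following is an added example, not code from the Domino documentation: a WSGI middleware in the same style as ReverseProxied that reads domino-username, treats Anonymous or a missing header as an unauthenticated viewer, and returns 403 for protected paths. The class name, the /settings prefix, the app.viewer environ key and the sample usernames are assumptions, and it assumes the app is reachable only through Domino, which sets the header.

```python
from wsgiref.util import setup_testing_defaults

ANONYMOUS = "Anonymous"  # header value for viewers not logged in to Domino (per this page)

class RequireDominoUser:
    """WSGI middleware that gates protected paths on the domino-username header."""

    def __init__(self, app, protected_prefixes=("/settings",), allowed_users=None):
        self.app = app
        self.protected_prefixes = tuple(protected_prefixes)  # hypothetical paths
        # None admits any logged-in Domino user; otherwise only the listed names.
        self.allowed_users = None if allowed_users is None else frozenset(allowed_users)

    @staticmethod
    def viewer(environ):
        # WSGI exposes the domino-username request header as HTTP_DOMINO_USERNAME.
        name = environ.get("HTTP_DOMINO_USERNAME", "").strip()
        # A missing or empty header is handled like Anonymous: fail closed.
        return None if not name or name == ANONYMOUS else name

    def __call__(self, environ, start_response):
        user = self.viewer(environ)
        environ["app.viewer"] = user  # hypothetical key read by the wrapped app
        path = environ.get("PATH_INFO", "/")
        protected = any(path == p or path.startswith(p + "/")
                        for p in self.protected_prefixes)
        denied = user is None or (self.allowed_users is not None
                                  and user not in self.allowed_users)
        if protected and denied:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    # Stand-in for Flask; there use app.wsgi_app = RequireDominoUser(app.wsgi_app)
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("viewer=%s\n" % environ["app.viewer"]).encode()]

def simulate(app, path, username=None):
    """Run one constructed request through the app; return (status, body)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    if username is not None:
        environ["HTTP_DOMINO_USERNAME"] = username
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    body = b"".join(app(environ, start_response))
    return seen["status"], body.decode()
```

With the "Anyone, including anonymous users" permission, public pages still load for every viewer, while the protected prefix answers 403 unless the header names an allowed user.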
If your Domino deployment exercises iFrame security or requires a content security policy for web apps and your app behaves in unexpected ways, see Whitelist resources.
By default, Apps are limited to load only within an iFrame. Attempting to access an App URL directly will result in a 400 Bad Request error for users. To control this behavior, see the ShortLived.iFrameRequired Feature Flag.