Skip to content

Configuration properties

This topic contains a list of properties in the Domino Leap VoltConfig.nsf. You can adjust the settings listed in the file, or add your own for a custom configuration.

Properties

adminInfo

Allows admin contact information to be shown within error messages.

If adminInfo1 and adminInfo2 are both provided, the error message will be “We are unable to process your request. If this error persists, report the problem to your administrator at adminInfo1, or adminInfo2, and provide error reference: XXX.”

If only adminInfo1 is provided, the error message will be “We are unable to process your request. If this error persists, report the problem to your administrator at adminInfo1 and provide error reference: XXX.”

If neither are provided, the error message will be “We are unable to process your request. If this error persists, report the problem to your administrator and provide error reference: XXX.”

Examples: 

adminInfo1 = admin@yourcompany.com 
adminInfo2 = 1-800-GET-HELP

anonBlockedMsg

When a user attempts to access a Domino Leap application anonymously, an error message is displayed. The default message is “Anonymous access blocked”. You can change the default message to provide additional information to the user.

Example: 

anonBlockedMsg=Anonymous usage is not allowed

appFiles

List of allowed (whitelist) and not allowed (blackList) file types, and the maximum file sizes for Application File uploads.
A whiteList is strongly recommended for best security.

File types can be specified as:

  • mimetypes - text/plain application/json
  • partial mimetypes - text/ image/ /javascript
  • file extensions - GIF PDF XML (case insensitive)

appFilesWhiteList (Recommended) - A space-separated list of allowed files types

  • default value - css js svg png gif bmp jpg webp txt pdf ttf otf woff woff2

appFilesBlackList (Deprecated) - A space-separated list of disallowed file types:

  • default value - (empty)

appFilesMaxSize.[size_in_KB] - Max file size for the given separated list of values, in kilobytes.

  • value can be:
    • the word "default" to indicate the default max size for all file types
    • a space-separated list of mime-types or file extensions, for max size of specific file types
  • the default max file size is 5000 KB

Example: 

appFilesWhiteList = css js text/plain image/ mp3 mp4
appFilesMaxSize.10000 = default
appFilesMaxSize.50000 = mp3 mp4

appStats

By default, the timer is enabled and the collection time is set to 3 AM daily local server timer.

Note

Depending on the volume of applications, statistics collection may take 10+ minutes, adjust the timer and frequency to server quiet time.

appStats.timerEnabled - Enable Application Statistics collection.
To disable Application Statistics collection, set to false.
Default value: true

appStats.refreshHour - Sets the hour of day to start Application Statistics collection.
Value 0 to 23, indicating the hour of day to start the statistics collection process.
Default value: 3

appStats.refreshDays - Sets the Application Statistics collection day. Use full names of day of the week, separated by a comma, semicolon, or space.
Valid values: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
Default value: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday

Examples:

appStats.timerEnabled=true 
appStats.refreshDays=Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
appStats.refreshHour=3

attachmentFiles

List of allowed (whiteList) and disallowed (blackList) file types, and the maximum file sizes for file uploads via Attachment and Rich Text Entry widgets.
A whiteList is strongly recommended for best security.

File types can be specified as:

  • mimetypes - text/plain application/json
  • partial mimetypes - text/ image/ /plain
  • file extensions - GIF PDF XML (case insensitive)

attachmentFilesWhiteList (Recommended) - A space-separated list of allowed files types

  • default value - png gif bmp jpg webp txt pdf odt ods odp doc docx ppt pptx xls xlsx csv tsv log

attachmentFilesBlackList (Deprecated) - A space-separated list of disallowed file types:

  • default value - (empty)

attachmentFilesMaxSize.[size_in_KB] - Max file size for the given separated list of values, in kilobytes.

  • value can be:
    • the word "default" to indicate the default max size for all file types
    • a space-separated list of mimetypes or file extensions, for max size of specific file types
  • the default max file size is 5000 KB

Example: 

attachmentFilesWhiteList = png gif jpg text/plain pdf docx xlsx csv mp3 mp4
attachmentFilesMaxSize.10000 = default
attachmentFilesMaxSize.50000 = mp3 mp4

blockAnonAccess

Anonymous access is not allowed by default which means that to use a Domino Leap application or survey, users must authenticate with a valid user ID and password.
This setting determines anonymous access, where:

  • enabled - anonymous access is blocked
  • disabled - anonymous access is allowed
  • redirect - redirects the user to authenticate

Default value: redirect

Example: 

blockAnonAccess=redirect

customThemes

The customThemes config settings define a list of customer-provided themes that can be used in Domino Leap applications.

For each theme, two parameters must be set:

  • customThemes.[ID].displayName
  • customThemes.[ID].location

[ID] - An identifier for the custom theme (e.g. "corpTheme1"). The id can contain the letters 'a' through 'z' and numbers, and must start with a letter.

displayName - The theme name to be displayed in the Domino Leap authoring UI.

location -The full URL of the theme's .css file.

For each theme, there are 2 optional parameters:

  • customThemes.[ID].isDefault
  • customThemes.[ID].nl.[LOCALE]

isDefault - If set to true, designates the theme as the default selection for new applications.

nl.[LOCALE] - For globalization support of the theme's display name. [LOCALE] is the locale code that identifies the language (e.g.,"en", "fr", "fr_CA", "zh").

After modifying these settings, restart the Domino Leap server to see the changes in the authoring environment. If the location property of a theme is modified, any deployed applications using that custom theme need to be redeployed for changes to take affect.

Examples: 

customThemes.corpTheme1.displayName = Corporate Theme 1
customThemes.corpTheme1.nl.fr = Thème d'entreprise 1
customThemes.corpTheme1.nl.zh = 企业主题1
customThemes.corpTheme1.isDefault = true
customThemes.corpTheme1.location =https://mycompany.com/theme1.css

detectBrowser

If Leap detects an unsupported browser, a warning message is displayed to the user. The user can still see the form after the warning message is closed.Where:

  • warn - The user is warned that the browser is unsupported. A list of supported browsers is displayed in the warning message. When the user closes the warning message, the form is displayed.
  • ignore - The user is not warned that the browser is unsupported, and the form is displayed.

Default value: warn

Example:

detectBrowser=ignore

embedDomainWhitelist

The domains where Domino Leap may be embedded. If the whitelist is enabled and the domain is not listed then Domino Leap applications will not be allowed to be presented as part of that content.

This property contains 2 parts:

  • embedDomainWhitelist.enabled
  • embedDomainWhitelist.[N].domain

enabled - Enables/Disables the whitelist. If the whitelist is disabled, Domino Leap will allow itself to be embedded into any domain.

Default value: true

[N].domain - '[N]' is an incrementing number starting with '1'. Provide the domain where embedding Domino Leap applications should be allowed.

Example:

embedDomainWhitelist.enabled = true
embedDomainWhitelist.1.domain = https://embedder1.example.com
embedDomainWhitelist.2.domain = https://embedder2.example.com
embedDomainWhitelist.3.domain = 'self'

exportDataWithEmails

By default when you export data from applications, emails are also exported. You can exclude emails from the export by changing the property value to false.

Where: - true; emails are exported with application data - false; emails are not exported with application data

Default value: true

Example:

exportDataWithEmails=true

hclMXFoundryApps

The hclMXFoundryApps property defines the settings for connecting Domino Leap to HCL Volt MX Foundry integration services.

This property contains the following parts:

  • hclMXFoundryApps.enabled
  • hclMXFoundryApps.[N].appName
  • hclMXFoundryApps.[N].serviceUrl
  • hclMXFoundryApps.[N].credentialAlias

Example:

hclMXFoundryApps.enabled = true
hclMXFoundryApps.1.appName = Foundry App 1
hclMXFoundryApps.1.serviceUrl = http://myFoundryServer/authService/100000002/appconfig
hclMXFoundryApps.1.credentialAlias = 'FOUNDRY_APP1'

hclMXFoundryApps.2.appName = Foundry App 2
hclMXFoundryApps.2.serviceUrl = https://100002720.myFoundryCloudServer/appconfig
hclMXFoundryApps.2.credentialAlias = 'FOUNDRY_APP2'

hclMXFoundryAppsCacheRefreshMins

The hclMXFoundryAppsCacheRefreshMins property defines the amount of time in minutes that MX Foundry service descriptions are held in memory. The default value is 60.

Example:

hclMXFoundryAppsCacheRefreshMins=60

imageDomainWhitelist

The imageDomainWhitelist config settings define a white-list of domains from where images can be uploaded to a Rich Text Entry field.

In addition to setting the following:

imageDomainWhitelist.enabled=true for each domain an additional parameters must be set.

imageDomainWhitelist.[N].domain = where "[N]" is an integer number identifying that service.

domain - The domain property implicitly allows sub-domains. For example, a domain property of example.com allows URLs such as https://www.example.com/anything, http://api.example.com/anything, or https://example.com/anything.

Examples:

imageDomainWhitelist.enabled=true
imageDomainWhitelist.[1].domain=http://acme.com
imageDomainWhitelist.[2].domain=http://acme2.com

InfoEntryPoint.dailyInfo

Provides HTML content that is shown in the login screen. Can be used for status messages, or help.

InfoEntryPoint.dailyInfo = Welcome to **HCL Domino Leap**

maximumRecordsToRetrieve

Maximum number of records that are permitted for export from the View Data page at one time. If the number of records to be exported exceeds the number set by this property, the export is stopped, and an error message is shown.

Note

The default value of 20,000 is supported for base systems. Setting the value higher could result in poor performance, depending on result set size and server hardware.

Example:

maximumRecordsToRetrieve=25000

purgeOrphanFilesHours

In some circumstances, files attached to either application designs or user-submitted records can become orphaned if the primary design or record element is removed outside the normal process. File records which are older than this number of hours and are no longer associated with an existing primary record are removed.

Default value: 48

Example:

purgeOrphanFilesHours=36

reauthInNewWindow

Helps with seamless re-authentication when Domino Leap is using an external IdP (in SAML or OIDC configurations), so that Domino Leap users do not lose their work. When set to true, the authentication flow is presented in a pop-up window, which is typically adequate for most external IdPs. It is recommended to use this setting in conjunction with reauthOnFailedRequest.

Default value: false

Example:

reauthInNewWindow=true

reauthOnFailedRequest

Helps with seamless re-authentication when Domino Leap is using an external IdP (in SAML or OIDC configurations) so that Domino Leap users do not lose their work. When set to true, a failed XHR request triggers the authentication flow. A failed request is the typical result when an SAML or OIDC session has timed-out. It is recommended to use this setting in conjunction with reauthInNewWindow.

Known Limitations: There is no mechanism in the browser for the Domino Leap code to distinguish a session time-out failure from other types of failures, such as a loss of internet connectivity. Enabling this setting means that any XHR request failure will trigger an authentication flow, even if it is not appropriate. However, for the majority of cases this setting will help Domino Leap users to not lose their work, therefore it is recommended.

Default value: false

Example:

reauthOnFailedRequest=true

runtimeCSP

The runtimeCSP setting defines the Content-Security-Policy (CSP) header that will be applied to running Forms.

Note

This setting only applies to Forms. It does not currently apply to App Pages, Summary Charts, or the View Data page.

For more information on CSP, see Content Security Policy (CSP) in the Mozilla documentation.

For more information on Strict CSP, see Strict CSP

Example:

runtimeCSP=default-src 'self' *.example.com; img-src *

runtimeResources.[N]

Additional web resources to load into the Domino Leap UI for leveraging the Custom Widget API. The values from these settings will be injected into the <head> section of Domino Leap's HTML pages.

Example:

runtimeResources.1 = <link rel='stylesheet' type='text/css' media='screen' href='/custom-widgets/samples/acme/Acme_Widgets.css'>
runtimeResources.2 = <script type='text/javascript' src='/custom-widgets/samples/acme/Acme_common.js'></script>
runtimeResources.3 = <script type='text/javascript' src='/custom-widgets/samples/acme/Acme_Boolean_Widget.js'></script>

secureJS

Enables or disables JavaScript restrictions in run time forms. When a form designer adds custom JavaScript to an application, this flag restricts the scope of that custom JavaScript. This flag applies to the entire Domino Leap server for all users.

Note

Setting this parameter to false might expose users to malicious JavaScript. Only set to false in a secured environment where Domino Leap applications are created by trusted users.

For more information, see JavaScript API for Domino Leap.

Default value: true

Example:

secureJS = false

serviceAuthorization

Access to a service description may be given to a specific user, group, or special assignment. The access control is made up of two parts:

  • Who may "discover" and work with the service while designing an application.
  • Who may "invoke" the service.

Users or Groups provided must be defined using the fully qualified common name, i.e. CN=Frank Ford/Acme or CN=IT Users/Acme

Special assignment valid values are:

  • all-authenticated: for app author "discover" privilege only
  • anonymous: for app authors and end-user "discover" and "invoke" privileges
  • all-authors: for end-user "invoke" privilege only

To enable service authorizations, set serviceAuthorization.enabled=true. Multiple services may be defined. To define a service authorization, add serviceAuthorization.serviceIdN where serviceIdN is the 'id' of the service description. The value must be a valid JSON string, see provided samples.

Note

A backslash () at the end of a line can be used to present a value over multiple lines. The backslash must be the very last character on the line.

Examples:

serviceAuthorization.enabled = true
serviceAuthorization.serviceId1 = { \
   "comment": "Auth for Service 1", \
   "discover": { "users": ["user1"], "groups": ["group1"], "special": [] }, \
   "invoke": { "users": [], "groups": [], "special": ["all-authenticated"]" } \
}

serverURI

Indicates the base URI used for critical functions, including editing applications, and email. Must include everything necessary to connect to the Domino Leap context, for example, /apps.

With this entry, all emailed links, and absolute links visible during Domino Leap design time start with the following base URI regardless of what the user enters in the address bar.

Example: 

serverURI = https://leap.example.com/apps

servicesWhitelist

The servicesWhitelist config settings define a white list of domains and HTTP actions that app authors are allowed to call directly from their applications using URL based services.

In addition to setting servicesWhitelist.enabled=true, for each service two additional parameters must be set:

  • servicesWhitelist.[N].domain =
  • servicesWhitelist.[N].actions =

The domain property implicitly allows sub-domains. For example, a domain property of example.com allows URLs such as https://www.example.com/anything, http://api.example.com/anything, or https://example.com/anything. The https or http protocol included in the domain property is respected. For example, a domain property of https://api.example.com only allows calls to secure SSL https://api.example.com/anything and not to non-secure http://api.example.com/anything. The actions property is a comma-separated list of the HTTP actions allowed for a particular domain. Valid values are GET, PUT, POST, DELETE, HEAD, and PATCH. If the actions value is missing, no actions are allowed.

Where [N] is an integer number identifying that service.

Default value: true

Examples:

servicesWhitelist.enabled = true
servicesWhitelist.1.domain = example.com
servicesWhitelist.1.actions = GET
servicesWhitelist.2.domain = https://securehost.com
servicesWhitelist.2.actions = GET, POST,PUT

Note

This white-list has no effect on service descriptions and custom service transports that were installed on the server by the administrator.

viewResponsesMaximumCount

For DB2® or Oracle. The maximum number of records that are counted when returning record sets in pages. If the total number of records exceeds viewResponsesMaximumCount, then paging indicators will no longer accurately lists the total number of pages. Setting this value higher can have performance consequences for the server if there are many users viewing forms with large response lists.

Default value: 1000

Example:

viewResponsesMaximumCount=2000

xFrameOptions

Deprecated. Use embedDomainWhitelist.

Parent topic: Configuring