Domino cookies needs to be secure and have samesite

The first thing is that Domino authentication cookies needs to be secured so you can’t hijack the content. This can be performed using the httponly and secure attributes.

Secondly we might need a way to add the samesite attribute to the cookies if we get problems with the new settings in Chrome. The same site settings is to block third party cookies that is used for advertising but in Domino this could give you problems if your applications is bouncing between domains. How to achieve this.

Server setting, no the Domino server doesn’t have this setting.
Vote for the Same site ideas on Domino ideas

Javascript, no that isn’t an option because the settings added removes control from javascript.

But using XPages we have no problem reading and set the cookies again with the correct attributes.

I’ve added this to the after page load event, you need to add this code for all Domino Related cookies that your setup use. Like LTPAToken, SessionID or DomAuthSessId

var c:javax.servlet.http.Cookie = cookie.get("DomAuthSessId")
var response=facesContext.getExternalContext().getResponse();
if(c){
if(c.getSecure()==false){

response.addHeader("Set-Cookie","DomAuthSessId="+c.getValue()+"; Path=/; Secure; HttpOnly; SameSite=None");
}
}

This changes the cookies after you have done a login but it will not help if the cookies is removed when you do a login.

Update to infinite scrolling snippet

Ferry did write a great snippet to get infinite scrolling in views posted on openntf xsnippets but lately I found that this had stopped working on some server versions. So I did some changes to get this to work on all versions

<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core" xmlns:xe="http://www.ibm.com/xsp/coreex">
 
  <!-- make sure 'add rows' component is hidden -->
  <style>
    .infiniteScroll{display:none;}
  </style>
   
  <!-- add a class for the 'add rows component'  -->
  <xe:pagerAddRows id="pagerAddRows1"
    for="#{javascript:compositeData.repeatId}"
    styleClass="infiniteScroll">
  </xe:pagerAddRows>
 
   
  <!-- small script to check if we need to auto-click the 'add rows' button -->
  <xp:scriptBlock id="scriptBlock1">
    <xp:this.value><![CDATA[$(window).scroll(function(){
    if($(window).scrollTop() == $(document).height() - $(window).height()) {
      if($(".infiniteScroll ul li span").length!=0){
         $(".infiniteScroll ul li span")[0].click();
      }
      if($(".infiniteScroll ul li a").length!=0){
       $(".infiniteScroll ul li a")[0].click();
     }
   }
});]]></xp:this.value>
  </xp:scriptBlock>
</xp:view>

The changes is in the script block where I added a check if we find the span or the a tagg and if that we do a click on the first element found. This is because I didn’t get it to work using JQuerys ordinary click function.

Domino Data transfer between servers a different way

Domino has several ways of sending data or documents between servers the most common ways are as you all know replication. In another environments you might want to use an webservice.

But in domino there is several more ways to send data between servers, yes you can create a webservice but that isn’t that advanced, yes you can create an Rest service lots of work with the over head. You can send an email with an embedded form in it, how should you secure that.

Then you could actually run code on another server in an agent using Java or Lotusscript. By adding the server in to an trusted server list, nice. With compression and encryption added this is quite interesting. But there is a big but, the servers communicating needs to be in the same nab otherwise the communication fails 🙁

You might say what about cross certification, well this only works for replication not server to server code execution. But wait there is a way and this is how you make this work even if the servers are in different nabs and different certificates and it’s quite simple.

  1. Cross certify the server you want to communicate with both ways
  2. Add Server 1 in Server 2:s trusted server list
  3. Create a Person document on server 1 with server 2:s public certificate
  4. Create a Person document on Server 2 with server 1:s public certificate
  5. Add the server to the ACL on server 2

Now communication works in both ways I guess that you can change the server person with a user or perhaps add a user in the same way and run as the user. But the big thing is that you need the server you are callings public cert in the callers nab. If not you will get this on the server console.
server error your public key was not found in the domino directory

Teamviewer meeting integration in HCL Notes

Before the summer a customer approached me and asked if it was possible to integrate Teamviewer:s meeting function into the Notes calendar, so I created this solution for them. Check out the recording below.

Posting to Watson Workspace could have been the next article

But IBM will not continue to develop and announced that they will discontinue this platform, hope you didn’t invest to much in this platform.
IBM announcement
http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/4/877/ENUSZP19-0044/index.html&lang=en&request_locale=en

Some words from the community

http://oliverbusse.notesx.net/hp.nsf/blogpost.xsp?documentId=2F36

http://domino.elfworld.org/the-rumors-about-the-death-of-ibm-watson-workspace-were-not-exaggerated/

Yes this would have been the next step in my series of system integration with the new lotusscript classes but no worries there is lots of great services that also can be integrated.

What is a service that you would like to be able to integrate again in Domino?

You never know that service might be added to my list.

Posting to Slack using Lotusscript

Integrating Slack into your domino applications is quite straight forward and we can actually reuse the same code as for Microsoft Teams. But first lets see what you need to do in your slack channel.

And select add an app

And Select Build in the top right corner and start building.
Now you can create your application and select the channel for it.

Create a Slack App for IBM Domino

Next step is to active incoming webhooks

Using incoming webhooks to post to Slack

You will now get a unique post URL for this Slack channel when you want to post application messages.

Now over to Domino designer

  1. Create a Lotusscript agent
  2. Add the following code
Dim session As New notessession
Dim SlackURL As String,Body As String,Message as string
message="Domino 10 Talks"
SlackURL="<Paste the Slack URL here>"
Dim http As NotesHTTPRequest
Set http=session.CreateHTTPRequest()
Body=|{"text":"|+Message+|"}|
Call http.SetHeaderField("ContentType","application/json")
Call http.Post(SlackURL,Body)
	

This is how you simply post messages to a slack channel with Domino 10. Check out how to post to Microsoft teams if you haven’t

Posting to Microsoft teams from using Lotusscript

With the new HTTP classes in Domino 10 and lotusscript sending a message to a Microsoft teams group is very simple.

first you need to enable your microsoft teams group to accept posts this is done by adding a incoming webhook to the teams channel

  1. Open the Channel and click the More Options button (which appears as three dots at the top right of the window).
  2. Select Manage teams.
  3. Click on the Apps tab and click on the Go to Store button
  4. Scroll down or search for Incoming Webhook and click the Add button.
  5. Give the connector a name and image of your choosing and finally click Create.
  1. A new unique URI is automatically generated. Copy this URI string to your clipboard.

Now over to domino designer

  1. Create a Lotusscript agent
  2. Add the following code
Dim session As New notessession
Dim teamsURL As String,Body As String,Message as string
message="Domino 10 Talks"
teamsURL="<Paste the teams URI here>"
Dim http As NotesHTTPRequest
Set http=session.CreateHTTPRequest()
Body=|{"text":"|+Message+|"}|
Call http.SetHeaderField("ContentType","application/json")
Call http.Post(teamsURL,Body)
	

Run the code and a message should appear in the channel. There is lots of extensions to the Json Body so you can format the text and add images or links. Happy Coding!! This is the first post of a series how you can extend Domino 10 using the new http and json request classes.
Check out Posting to Slack

Happy Coding.

Developer roadmap of Domino?

Domino 10 is out from a end user perspective but from a developer perspective not much is added.
We have got some new classes for Lotusscript, upgraded version of eclipse in designer but that gives so far more problem than positive effects.

IBM/HCL has said that they will come out with a developer roadmap and that will be interesting and I hope that it will contain the following and I will explain why.

a future roadmap for the basic client with development improvements, why because a new client for IOS is released that there has been talk of Android and Webassembly that is why this must improve why spend money on this if no one should use it for new development.

Updates to XPages with new functionality, updated Dojo and Extension library. Why, this is the ONLY mature development option on the platform except legacy Domino web development. And Domino developers will probably not jump on and start moving all code to a new dev platform again that is in Beta.

Updates to the http web engine like http/2 and websockets. Why, because modern web development requires fast delivery of resources and the app.

And finally maturing the new NodeJS engine with more functionality to support Domino security and api more like LS and Java

Not a sub or function name

If you suddenly start getting errors from a scriptlibrary or on a button in a form or a view.
Errors like this

  • Not a sub or function name
  • Sub or Function Not Defined
  • DB is not declared
  • Variable not resolved
  • Unable to find XXXX

Check that you variables / functions / Subs is declared as public

This is done at the top of the library or form using Options Public

This error can easily be mistaken with 64K library problems, Lotusscript recompile issues and other Domino FP9 and FP10 related issues

IBM Domino and GDPR, what is this?

On the 25:th of May this year a new set of rules come in affect for companies that deal with European citizens. This will give some basic rights to people and the information related to them.
This will affect all companies in EU or working against EU, so if you are an US based company but have customers inside EU you are affected by this.

  1. Right to know what is stored
  2. Right to be forgotten
  3. Right to correct wrongful data
  4. Right to portability
  5. Right not to be a subject to automated decision making

This will then have some effects on your company and the systems holding the information.

  1. Make sure that you have a data privacy policy
  2. Make sure you know what information you use to what and where
  3. Make sure that you process information on a legal ground
  4. Inform and get consent from users if needed
  5. Make sure that information is safe
  6. Make sure that right people have access to the information
  7. Make sure that you can erase information/anonymize that you don’t have rights to process anymore (Yes, backups also apply)
  8. Make sure that you can correct wrongful information
  9. Have a routine to investigate and report data breaches
  10. Make a list of all your data processors

How can we handle this in a Domino based system then?

Notes names and the Adminp process is a good start to comply with right to correction and right to be forgotten. But you might probably need to adjust your applications
Fulltext search and Domain search can also help you find data that you need to remove and/or correct.
Enable webserver logs to find out what is happening in you webb environment, but remember to clean up this log with the retention policy that you have decided and add that you log things to you privacy policy.

If you need assistance, have questions or need help getting ahead of this feel free to contact me.
Also Follow my twitter flow for GDPR articles in Swedish and English –> GDPR News

I’ve also found a tool that can help you track changes in your Domino environment GDPR Logger
( Contact me if you find this tool interesting )

Some more info in this youtube video by Ytria