Detailed information for the notes.ini Keyword: 


Short Description: Specifies how to hande attachments


Lotus iNotes whitelist for file attachments

In order to prevent direct opening of attachments that may contain harmful content, a content-disposition header has been added that instructs the browser to save the file attachment rather than opening it directly. The downside of this is that attachments of known file types (jpg, pdf, and so on) that would have opened now requires additional steps for the customer. A white list mechanism has been implemented using two NOTES.INI variables to allow customers to specify file types that should not receive this handling.
  • iNotes_WA_Sec_AttachCDHeader
    • If set to 0, turns off the header setting.
    • If set to 1 (default), sets the header for all file types except those in the whitelist, plus (if the user-agent indicates Mobile and Safari) .bmp, .gif, .jpg, and text, plus (if the user-agent indicates Mobile and Safari and Android) the extensions already listed, plus .csv, .doc, .pdf, .ppt, and .xls.
    • If set to 2, sets the header for all file types except those in the whitelist. This allows device browsers to open the default file types in cases where either the notes.ini value is set to 1, or is not set at all. In this case, both the default four file types and those entered in the notes.ini file are used.
  • iNotes_WA_Sec_AttachCDWhiteList

    Specifies a comma-delimited list of attachment types to allow opening directly, for example,iNotes_WA_Sec_AttachCDWhiteList=jpg,pdf,gif

Default value:

iNotes_WA_Sec_AttachCDHeader=0 / 1 / 2


Applies to:

Valid for version: