Detailed information for the notes.ini Keyword: 

iNotes_WA_Security_NonceCheck


Short Description: Controls the Nonce feature in iNotes

Description:
A nonce checking security feature was introduced in the Domino 8.5.2 release. The purpose of nonce checking is to block Cross Site Request Forgery (CSRF) attacks, by validating a browser value with one generated at the webserver before a user attempts to make any POST requests to domino iNotes. (send an email, save a draft, create a contact, save an inotes preference etc)

However due to the nature of how the nonce value is stored in the ShimmerS cookie this security setting can sometimes cause conflicts when running Domino from behind a proxy server (such as IMC). In these cases Support recommends disabling the feature by setting the notes.ini iNotes_WA_Security_NonceCheck=0

It may also be necessary to set:

iNotes_WA_Security_RefererCheck=0





Default value:
None

Syntax:
iNotes_WA_Security_NonceCheck=0/1

Example:
iNotes_WA_Security_NonceCheck=1

Applies to:
Server