**Domino/Notes Version:** 14FP4
**Add-on Product (if appropriate, e.g. Verse / Traveler / Nomad / Domino REST API):** Nomad
**Operating System:** Linux
**Client (Notes, Nomad Web, Nomad Mobile, Android/iOS, browser version):** Nomad 1.0.16
Problem/Query: Nomad on Domino Sametime integration. I have set up the integration and I can now see the ST option in the Nomad task bar at the top; however, it always has a line through it. If I click on the ST chat icon it opens up my Sametime webchat window in a new tab no problem and is logged in, but I am getting no integration in Nomad.
Looking at the logs I am seeing the below:
```
error 11/06/2025, 10:46:04 Security Policy Violation: Blocked URI: https://webchat.acme.com/sametime-auth/api/v1/check
Violated Directive: connect-src
Original Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self' data:; frame-src 'self'
Source File: https://nomad.acme.com/nomad/909-f4fbe1ccb0af693bf93c.js
Document URI: https://nomad.acme.com/nomad/
```
I have double-checked the nomad-config.yml and the HTTP headers seem correct; it doesn't moan on startup. I have also checked the CORS for the Docker-Compose setup I have for Sametime and all looks correct, but from the error I think this isn't the Sametime config; this is an issue in the Nomad config.
Has anyone else got this to actually work properly, and if so, any ideas what I could have incorrect? Here is my nomad-config.yml:
```yaml
# HTTP headers added to the server response
httpHeaders:
  Defaults:
    Strict-Transport-Security: max-age=7776000; includeSubDomains
    X-Content-Type-Options: nosniff
    Referrer-Policy: strict-origin-when-cross-origin
    X-Frame-Options: DENY
    X-XSS-Protection: 1; mode=block
    Permissions-Policy: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), web-share=()"
    Content-Security-Policy: "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src'self' 'unsafe-inline'; img-src 'self' blob: data: https://.acme.com; font-src 'self' data:; frame-src 'self' https://.acme.com; connect-src 'self' data: https://*.acme.com"
```
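An added example, not part of the original post and not HCL code: it evaluates the blocked request against the policy printed in the violation report and against the policy in the posted nomad-config.yml. The policy in the report contains no `connect-src`, so the browser falls back to `default-src 'self'`. The matcher is a simplified assumption (no ports, paths, nonces or hashes) and all function names are hypothetical.

```javascript
// Added example. Simplified CSP source matching: 'self', scheme sources and
// host sources with an optional "*." wildcard; ports and paths are ignored.
const REPORTED_POLICY = "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; " +
  "style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; " +
  "font-src 'self' data:; frame-src 'self'";            // from the violation report
const CONFIGURED_POLICY = "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; " +
  "style-src'self' 'unsafe-inline'; img-src 'self' blob: data: https://.acme.com; " +
  "font-src 'self' data:; frame-src 'self' https://.acme.com; " +
  "connect-src 'self' data: https://*.acme.com";        // from the posted nomad-config.yml
const BLOCKED_URI = "https://webchat.acme.com/sametime-auth/api/v1/check";
const DOCUMENT_URI = "https://nomad.acme.com/nomad/";

// Split a policy into { directiveName: [source, ...] }; the first occurrence wins.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  const h = host.toLowerCase();
  return wildcard ? url.hostname.endsWith("." + h) : url.hostname === h;
}

// XHR/fetch/WebSocket targets are governed by connect-src; when that directive
// is absent the browser falls back to default-src.
function checkConnect(policy, targetUri, documentUri) {
  const csp = parseCsp(policy);
  const directive = "connect-src" in csp ? "connect-src" : "default-src";
  if (!(directive in csp)) return { directive: null, allowed: true };
  const url = new URL(targetUri);
  const selfOrigin = new URL(documentUri).origin;
  const allowed = csp[directive].some((s) => sourceMatches(s, url, selfOrigin));
  return { directive, allowed };
}

console.log("reported:  ", checkConnect(REPORTED_POLICY, BLOCKED_URI, DOCUMENT_URI));
console.log("configured:", checkConnect(CONFIGURED_POLICY, BLOCKED_URI, DOCUMENT_URI));
```

The two results differ, so the header value the browser receives for `https://nomad.acme.com/nomad/` is worth comparing with the configured one.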