I will be continuing the Validation Series articles, but I just came across this unexpected situation and thought I would blog about it.
I tend to do most of my development for the Notes Client, so I sometimes hurt my brain with web-related issues. But I was doing some work on one of our applications and wanted to add a favicon. I’ve done this a few times before and I’ve also seen it in TaskJam. It looks very nice and adds to the professional feel of an application, like so.
In Classic Notes I would have added pass-thru HTML, added a favicon.ico Image Resource, and all would have worked whether browsing anonymously or authenticated.
For XPages there is a default favicon, the Lotus Notes image you see showing for this page.
But within the properties of an XPage you can set the pageIcon property, as you’ll see from the TaskJam database by Elguji. You can also set it system-wide with a theme. Just create a theme and insert this:
Now the strange bit.
Set your ACL to give Anonymous Reader access to your application, the favicon displays. Set Anonymous to No Access, authenticate, and the favicon doesn’t display.
Set Anonymous to No Access but give ‘Read public documents’ privilege; go to your favicon.ico Image Resource and set Security to ‘Available to Public Access users’; authenticate and the favicon displays.
This is the same whether the favicon is referenced in the XPages properties or a theme. It looks like the browser is trying to get the favicon anonmously. So my deduction (based also on the comment above about the default XPages favicon) is that the favicon is not being served as part of the XPage HTML (to which the user is authenticating), but separately by the server.