=============================
Securing user-created content
=============================


To prevent cross-site scripting attacks (XSS), user content---such as
Jupyter Notebooks---can be served from a separate domain.

To enable this:

#. Configure the project to use a separate content domain::

    anaconda-server-config --set SERVER_NAME your.anaconda.repository
    anaconda-server-config --set USER_CONTENT_DOMAIN your.usercontent.server



   NOTE: Replace ``your.anaconda.repository`` and
   ``your.usercontent.server`` with the respective
   server IP address or domain name.

#. If your user content domain is a subdomain of your Repository
   domain, you must also configure the session cookie to be sent
   only to the root domain::

    anaconda-server-config --set SERVER_NAME your.anaconda.repository
    anaconda-server-config --set USER_CONTENT_DOMAIN usercontent.your.anaconda.repository
    anaconda-server-config --set SESSION_COOKIE_DOMAIN your.anaconda.repository



   NOTE: Replace ``your.anaconda.repository`` and
   ``usercontent.your.anaconda.repository`` with the respective
   server IP address or domain name.
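
The choice between the two steps above depends on whether the user content host is a true subdomain of the Repository host. The following pre-flight script is an added example, not part of the Anaconda Repository tooling: it prints the commands from this page that apply to a given pair of hosts. The function names are hypothetical, and only the settings shown on this page are used.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, hostnames are the page's placeholders.

# Lower-case a hostname and drop one trailing dot so comparisons are exact.
normalize_host() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Succeed only when $1 is a strict subdomain of $2, matched on a label
# boundary so that "evilyour.anaconda.repository" does not count.
is_subdomain() {
    local child parent
    child=$(normalize_host "$1")
    parent=$(normalize_host "$2")
    case "$parent" in
        *[!0-9.]*) ;;        # has a non-digit character: a DNS name
        *) return 1 ;;       # empty or an IPv4 literal: no subdomains
    esac
    case "$child" in
        ?*".$parent") return 0 ;;
        *) return 1 ;;
    esac
}

# Print the anaconda-server-config commands for the given pair of hosts.
plan_content_domain() {
    local server content
    server=$(normalize_host "$1")
    content=$(normalize_host "$2")
    if [ -z "$server" ] || [ -z "$content" ]; then
        echo "error: both host names are required" >&2
        return 2
    fi
    if [ "$server" = "$content" ]; then
        echo "error: user content domain equals SERVER_NAME, so it is not separate" >&2
        return 2
    fi
    echo "anaconda-server-config --set SERVER_NAME $server"
    echo "anaconda-server-config --set USER_CONTENT_DOMAIN $content"
    # Step 2 of the procedure applies only in the subdomain case.
    if is_subdomain "$content" "$server"; then
        echo "anaconda-server-config --set SESSION_COOKIE_DOMAIN $server"
    fi
}

# Usage: ./plan.sh your.anaconda.repository usercontent.your.anaconda.repository
if [ "$#" -eq 2 ]; then
    plan_content_domain "$1" "$2"
fi
```

Review the printed commands before running them on the Repository server.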
