Securing user-created content
To prevent cross-site scripting attacks (XSS), user content—such as Jupyter Notebooks—can be served from a separate domain.
To enable this:
Configure the project to use a separate content domain:
    anaconda-server-config --set SERVER_NAME your.anaconda.repository
    anaconda-server-config --set USER_CONTENT_DOMAIN your.usercontent.server
NOTE: Replace your.anaconda.repository and usercontent.your.anaconda.repository with the respective server IP address or domain name.

If your user content domain is a subdomain of your Repository domain, you must also configure the session cookie to only send to the root domain:
    anaconda-server-config --set SERVER_NAME your.anaconda.repository
    anaconda-server-config --set USER_CONTENT_DOMAIN usercontent.your.anaconda.repository
    anaconda-server-config --set SESSION_COOKIE_DOMAIN your.anaconda.repository
NOTE: Replace your.anaconda.repository and usercontent.your.anaconda.repository with the respective server IP address or domain name.
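
As an added example (not part of the Anaconda documentation or tooling), the following bash helper prints the commands above for a given pair of hostnames and includes the SESSION_COOKIE_DOMAIN line only when the user content domain is a subdomain of the Repository domain. The function names are hypothetical; the script only prints the commands and does not run them.

```shell
#!/usr/bin/env bash
# Added example: hypothetical helper functions, not shipped with Anaconda.

# Lowercase a hostname and drop one trailing dot so comparisons are exact.
normalize_host() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Succeeds when $1 is a strict subdomain of $2. The match is anchored on a
# label boundary, so "xyour.anaconda.repository" is NOT treated as a
# subdomain of "your.anaconda.repository".
is_subdomain() {
    local child parent
    child=$(normalize_host "$1")
    parent=$(normalize_host "$2")
    case "$child" in
        ?*."$parent") return 0 ;;
        *) return 1 ;;
    esac
}

# Print the configuration commands for repository host $1 and user content
# host $2. Returns 1 when both names are the same host: content would then
# share the repository's origin and the separation would have no effect.
plan_commands() {
    local repo content
    repo=$(normalize_host "$1")
    content=$(normalize_host "$2")
    if [ -z "$repo" ] || [ -z "$content" ]; then
        echo "error: both hostnames are required" >&2
        return 2
    fi
    if [ "$repo" = "$content" ]; then
        echo "error: user content domain must differ from the repository domain" >&2
        return 1
    fi
    echo "anaconda-server-config --set SERVER_NAME $repo"
    echo "anaconda-server-config --set USER_CONTENT_DOMAIN $content"
    if is_subdomain "$content" "$repo"; then
        echo "anaconda-server-config --set SESSION_COOKIE_DOMAIN $repo"
    fi
}

# When run as a script with two hostnames, print the plan for review.
if [ "$#" -eq 2 ]; then
    plan_commands "$1" "$2"
fi
```

Review the printed commands before running them on the Repository server.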