AxiosError: Request failed with status code 403 when trying to upload a file

Using Streamlit
, , , ,
1

Issue
I get “AxiosError: Request failed with status code 403” when trying to upload a file.

Environment
Location: Azure App Service (works fine locally)
Python version: 3.10
Streamlit version: 1.36.0, also tested with 1.35.0
Other packages:

  • openpyxl
  • streamlit-msal
  • XlsxWriter
  • adlfs
  • requests

What I have tried

As discussed in multiple similar questions on the forum, the error disappears after disabling CORS and XSRF protection with server.enableCORS=false and enableXsrfProtection=false.

Fix for this was also discussed here App is not loading when running remotely - Streamlit Docs
I’ve set these values and confirmed that they are set:

browser.serverAddress = my-app.azurewebsites.net
browser.serverPort = 443
server.cookieSecret = secret string

as well as set STREAMLIT_SERVER_COOKIE_SECRET to be the same secret string just to be sure.

I have also set CORS Allowed Origins in Azure to * to allow everything.

Errors and logs

Error in the UI: AxiosError: Request failed with status code 403

Error in devtools:
PUT https://my-app.azurewebsites.net/_stcore/upload_file/c1e7d04c-98f7-493a-be3e-9334ba9b4bfa/69327788-ad6d-4fff-8cc2-a91bbd6bd951 403 (Forbidden)

Logs from app with log level set to debug:
Received the following back message:

file_urls_request {
  request_id: "f3600bc2-bfef-48c6-b5a9-901021c89f3b"
  file_names: "filename.xlsx"
  session_id: "c1e7d04c-98f7-493a-be3e-9334ba9b4bfa"
}

Code that produces the problem

import streamlit as st

test_upload = st.file_uploader("Test upload", type="xlsx")

Further information about the application
Internal application so I can’t share a link or repository.
See the code snippet above.

The application works fine on localhost and I can’t replicate the issue outside of the Azure environment.

All connections are set to use HTTPS and the domain and certificate are handled automatically by Azure.
Deployed to Azure using the ARM template here: Deploying Streamlit Applications with Azure App Services – Ben Alex Keen

Tested with vanilla Edge with no plugins or anything.

2

Hi @toivo.mattila,

Check out this similar issue here for a potential solution.

3

@tonykip Thank you for the quick response!

Yes, the file upload works if the XSRF protection is turned off.
I also did the other steps later in the thread

  • Inspect the server logs for detailed error messages.
  • Update Streamlit to its latest version.
  • Reboot the app.
  • Ensure the CORS configuration on your local server is correctly set up.
  • Verify there are no network restrictions or firewalls blocking requests.
  • Test the app across different browsers to spot browser-specific issues.

However, it’d be much preferable to have XSRF protection, as noted i.e. in
When to use enableCORS and enableXsrfProtection parameters? and Enable server-side CSRF guards and add support in file uploader client · Issue #1524 · streamlit/streamlit · GitHub

All help is much appreciated.
Please let me know if I can do anything to assist with debugging this issue.