Thank you for the swift response.
I’ve read (part of) the two links you provided and they explain exactly some of the things I was missing. Thank you for that.
I still have a few questions. Firstly just to be sure:
- Am I missing any (major) steps in this process?
Additionally in regards to security:
- How secure is a Streamlit application hosted locally on a personal server?
I am definitely a novice when it comes to web security, but if you would be able to provide a link with information regarding this I would be exceedingly grateful, as I plan to write a section regarding this in my thesis.
Finally, I’ve also developed a custom component, and as far as I could gather in the article I initially linked to in the thread, these are hosted within an iframe with different sandbox attributes, hence not allowing it to alter the DOM or CSS of the main application, hence making it safe. However, in the post it states that you’ve introduced the `allow-same-origin` attribute, which as it says in the post:

> lets the embedded document remove the sandbox attribute — making it no more secure than not using the sandbox attribute at all.

- Does this mean that Streamlit components thereby aren’t “safe” and in that case, what measures should be taken against it when using components in one’s app?
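
The sandbox concern quoted in the post above, as an added example that is not part of the original thread or of Streamlit's code: a Python check that flags iframes carrying both `allow-scripts` and `allow-same-origin` and reports whether the framed document shares the page's origin, which is the case where framed script can reach and remove the attribute. The page URL, paths and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return the (scheme, host, port) tuple browsers compare for same-origin."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

class IframeAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # list of (frame label, verdict)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        label = src or "(srcdoc or about:blank)"
        if "sandbox" not in a:
            self.findings.append((label, "no sandbox attribute"))
            return
        tokens = set((a["sandbox"] or "").lower().split())
        # srcdoc and empty-src frames take the embedding page's origin
        # once allow-same-origin is present.
        same = "srcdoc" in a or origin(urljoin(self.page_url, src)) == origin(self.page_url)
        if {"allow-scripts", "allow-same-origin"} <= tokens:
            verdict = ("same-origin: framed script can remove the sandbox" if same
                       else "cross-origin: frame cannot reach the sandbox attribute")
            self.findings.append((label, verdict))

def audit(page_url, html):
    parser = IframeAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample markup (hypothetical paths and hosts).
SAMPLE = """
<iframe src="/widgets/my_widget/index.html" sandbox="allow-scripts allow-same-origin allow-forms"></iframe>
<iframe src="https://components.example.net/widget/" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="/widgets/static/index.html" sandbox="allow-scripts"></iframe>
<iframe src="/legacy/embed.html"></iframe>
"""

if __name__ == "__main__":
    for frame, verdict in audit("http://localhost:8501/", SAMPLE):
        print(f"{frame}: {verdict}")
```

Serving framed content from a separate origin, or dropping one of the two tokens, moves a frame out of the first category.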