Hello there,
I would like to ask is there a way in streamlit to set that other users cant embed my application using the iframe src? Because to stop this I tried to embed it inside a flask api endpoint and controll http headers like that but that is cumbersome and might not work for production at all.
Thanks for the answers!
Wouldnt this lower the security of the app? During hte startup of the server cant i block the header thats always sent with the iframe tag if someone from other wesite wants to embed my app into theirs?
oh oops, sorry I misread your question! I thought you wanted to enable it but you actually want to block it from happening, right?
It does not look like we allow configuring CSP headers or so right now.
We have two open issues here for it:
- Allow configuring HTTP Security Headers · Issue #9160 · streamlit/streamlit · GitHub
- Handling Security Headers in Streamlit · Issue #6417 · streamlit/streamlit · GitHub
and the best would be to upvote them!