File uploader on azure webapp - 403 Axios Error

Hi all,

iโ€™ve built a streamlit chatbot that includes the file uploader. When running locally no problem occurs. When i deploy the code on an Azure Web App the chatbot runs fine, but when uploading a file to the file uploader i get the error 403 Axios error. In several forum posts the solution is to disable the XSRF protection. That is not allowed by our company security team. So iโ€™m searching for a different solution. I came up with the streamlit doc: App is not loading when running remotely - Streamlit Docs
Under 3. they mention to use the browser.ServerAdress and browser.ServerPort. I use it the following way (added dummy url) in my run.sh file: python -m streamlit run test.py --server.port 8000 --server.address 0.0.0.0 --browser.serverAddress mywebsite.azurewebsites.net/ --browser.serverPort 443

Deployment works fine, ui is there, but again i get the error when uploading a file. In the developer console of the browser i saw that streamlit somehow adds a static โ€œhttp://โ€ in front of the browser.ServerAdress:

Anybody know a solution how to fix it without disabling the XSRF protection?

KR
Patrick

2 Likes

I have the same issue with the file_uploader and tried many differend browser.serverAddress and browser.serverPort combinations, as well as setting an environment variable STREAMLIT_SERVER_COOKIE_SECRET with a string, like recommended in the docs.
Unfortunately, nothing has worked so far, except disabling XSRF protection.
I am also on a single instance deployment, so there should be no other server involved anyway.

This thread unfortunately never was continued, and I donโ€™t know if/how to affect the cookie @ennui mentioned.

1 Like

Thanks for sharing that you have the same problem. Still facing the issue. What we found out today that if the Azure Web App has no Azure SSO enabled there is no error.

I am affected, too. Unfortunately, Azure SSO is what I need to authenticate users to my app.

All the other posts on the forum seem to suggest to just turn off CORS and XSRF.
st.file_uploader with Azure Active Directory - error 403 [August 2023] - :rocket: Deployment - Streamlit
AxiosError: Request failed with status code 403 - :balloon: Using Streamlit - Streamlit
Isnโ€™t there a better way?

@ snehankekre, may I pull you into this discussion? You left very useful advice here: When to use enableCORS and enableXsrfProtection parameters? - :balloon: Using Streamlit - Streamlit
However, I do not fully understand how to implement your solution. What object does self refer to in your case?
e.g. in your answer you describe self.set_header("Access-Control-Allow-Origin", "*"). I would replace the asterisk by my domain, but where do I find this self.set_header?

@marduk, may I ask you to comment my question as you have been on the cited thread, too.