Google Cloud Run + IAP - "You must enable Javascript to run this app."

Hi all,

We have a bunch of Streamlit apps deployed on Google AppEngine, but GAE doesn’t scale to zero instances which is big issue for the cost of low-traffic applications.

Cloud Run seems to be a cheaper alternative, but requires a bit more configuration to get Identity-Aware Proxy working - we have an External HTTPS Load Blancer with a Serverless cloud-run back-end in front of it, and use IAP for user auth.

Disabling authentication and accessing the Cloud Run instance directly works perfectly (so we know the container is healthy), but when I funnel traffic through the load balancer we get the White Screen of Death, a 404, and “You must enable Javascript to run this app.”

So: traffic is hitting the instance, but Streamlit is refusing to serve the Javascript.

My guess is that the proxied connection isn’t browser-based (the load balancer connects to your app, you never connect directly), so the Streamlit server doesn’t serve the JS, but I’m stuck on how to get around this. I need Streamlit to behave as it would if we were connecting directly.

This example project uses essentially the same TF configuration as I do: GitHub - tosh2230/streamlit-run: Streamlit apps on Cloud Run with Identity-Aware Proxy (IAP).
On this medium blog the author casually drops that he uses IAP but doesn’t go into detail:
A Practical Use-Case of Cloud-Native and Secured Dashboard with Google Cloud and Python Streamlit | by Ryo Koyajima / 小矢島 諒 | Medium

Has anyone else faced this issue and overcome it? Based on the two linked blogs, it seems like it should ‘just work’. I’m not sure if there’s no discussion of this in the forum because no one has ever tried before, or because everyone has found this so easy and I’m missing something obvious.

Any advice would be appreciated!

Hi @JamesPenny, looks like I followed unknowingly in your footsteps with this setup. We had working Streamlit apps deployed on without authentication, but had the same “You must enable javascript to run this app” error on the page once IAP was implemented…

Have you found a solution to this issue you would be willing to share?

Thanks in advance!

Sorry, no luck I’m afraid! Since making this post we had our contact in GCP do up a PoC for us in his sandpit and it worked right out of the box. We’ve compared notes and it seems like there’s nothing different in the config, but obviously there is something in there!

There’s definitely some detail in the way our network, IAP OAuth, or ILB is set up but I’ve not had time to really sit down and work through it recently.

If we could get Streamlit to spit out the headers/packets it’s getting, we might be able to see what the IAP redirect is doing to cause this, but unfortunately it seems like there’s no way of running code to print that stuff ahead of the JS (unless we do something mad with local proxies on the container)

Thanks for the quick reply, James! That’s unfortunate to hear.

Our setup is fairly new, so I might try and rebuild the whole streamlit/cloud run stack and see if I can make some progress.