Hi everyone I’m currently facing a challenge with my Streamlit app, which is hosted on Heroku. I’m trying to embed this app in an iframe within my Next.js application, hosted on a different domain. When I attempt to upload a CSV file through the Streamlit app in the iframe, I encounter a “AxiosErro…

Handling CORS for Streamlit App on Heroku When Embedded in an Iframe

milappert February 15, 2024, 6:11pm 2

I solved the CORS issue with my Streamlit app in an iframe by updating the setup.sh file. The full file now looks like this:

mkdir -p ~/.streamlit/

echo "\
[server]\n\
headless = true\n\
port = \$PORT\n\
enableXsrfProtection=false\n\
enableCORS = false\n\
" > ~/.streamlit/config.toml

This turns off CORS and XSRF protection, which fixed the upload problem for me. Be aware that turning these off can affect your app’s security.

before i had only the enableCORS = false part.

A similar issue was discussed in AxiosError: Request failed with status code 403.

1 Like

Topic		Replies	Views
Embedded Streamlit App as iframe: XMLHttpRequest and CORS errors Community Cloud	1	973	April 11, 2024
File Uploader: 403 error when embedding streamlit app in iframe Using Streamlit file-upload	8	3000	September 5, 2024
AxiosError: Request failed with status code 403 Using Streamlit file-upload	30	33085	June 25, 2025
CORS problem with components.html() and components.iframe() Using Streamlit	1	2106	January 12, 2022
Deny embedding of my streamlit app in an inframe Using Streamlit discussion	4	180	August 29, 2024

Handling CORS for Streamlit App on Heroku When Embedded in an Iframe

Related topics

Hello there 👋🏻

Cookie settings

Strictly necessary cookies

Performance cookies

Functional cookies

Targeting cookies