Handling CORS for Streamlit App on Heroku When Embedded in an Iframe

I solved the CORS issue with my Streamlit app in an iframe by updating the setup.sh file. The full file now looks like this:

mkdir -p ~/.streamlit/

echo "\
[server]\n\
headless = true\n\
port = \$PORT\n\
enableXsrfProtection=false\n\
enableCORS = false\n\
" > ~/.streamlit/config.toml

This turns off CORS and XSRF protection, which fixed the upload problem for me. Be aware that turning these off can affect your app’s security.

before i had only the enableCORS = false part.

A similar issue was discussed in AxiosError: Request failed with status code 403.

1 Like