How to use "enableXsrfProtection = false"

I am getting 403 status code while deploying in streamlit , found this “enableXsrfProtection = false” on Streamlit documentation.
Code is in Github( and requirments.txt)

import requests
import pandas as pd

url = ""
hdr = {'User-Agent': 'Mozilla/5.0......}
l1 = pd.read_csv(url,headers = hdr)
l1 = l1[['SYMBOL','CLOSE']]

The code works fine locally, but returns 403 only when deploying
Where should I add “enableXsrfProtection = false” ?

I’m not sure whether that setting will work when deploying on Streamlit Cloud, but you can create a folder called .streamlit and put a file in there called config.toml – see Configuration - Streamlit Docs for more details

That being said, I don’t think you should need any special permissions to access that file with pandas. Since it’s publicly available, you shouldn’t even need to pass any special headers. Have you tried it without passing any headers?

Hi @blackary Thanks for the response!
Yeah, I have tried without headers as well, couldn’t fetch the data.

Could you please explain in brief, as I’m new to this and still exploring. Should I create a file (.streamlit) in GitHub in the same repo?
What are the contents should I put in that file?

Thank you!

  1. Make a folder in the same folder as your streamlit app, and call it .streamlit

  2. Inside that folder, make a file called config.toml

  3. Inside that config.toml file, put these lines:

enableXsrfProtection = false

4, Commit that new file and push it to github