I upgraded to 1.30.0 from 1.29.0 and am getting this strange Axios error when uploading a local image file. Any idea why this happens? (I downgraded to continue my work.)
I tried starting vscode, through which I’m running Streamlit, as admin but that made no difference.
I talked to our dev team, and their suggestion is that it’s probably a CSRF issue, and if that you use a custom deployment (e.g. with a proxy), you need to either:
_streamlit_xsrf cookie name in your proxy layer@blackary Hi Zak - I’m running this on localhost on my PC. It’s through the vscode terminal window. I’ll upgrade again and try outside vscode just in case vscode has a built-in proxy that I’m not aware of.
Upgrading to 1.30.0 and running from the command line didn’t work. I don’t know how to whitelist _streamlit_xsrf (in my browser the cookie is _xsrf). I don’t have any proxies running. And I tried in Brave (shields down), chrome and edge.
Hey, @asehmi, thank you for testing!
it’s strange, have you tried deleting cookies and hard-refreshing the Stremalit app?
If that doesn’t help, could we have a short call next week, to try to debug together, if you have free time?
Hi - Yes, I tried incognito and several different browsers. In Brave, I turned off all shields. Eventually, I managed to get this working by setting the global config.toml server setting enableXsrfProtection = false. Not ideal, but had to find a workaround.
Happy to have a call next week.
@kajarenc @blackary
Thanks for helping resolve the issue, which was solved by refreshing my tornado package installation. For some reason my version of tornado was pointing to a virtual environment file and probably hasn’t refreshed for years! @kajarenc suggested running pip freeze to check I had at least v6.1 (which I didn’t) and then I ran pip install -U tornado to upgrade to v6.3. After this we cleared the browser cache and hard refreshed my app, and saw the correct _streamlit_xsrf cookie was being saved in the browser cookie jar. This can be confirmed in the response header for the /health network call and the app cookie jar explorer in dev tools.
After this the file_uploader axios 403 error vanished.
P.S. I also set the default enableXsrfProtection back to true!
Thanks again.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
These cookies are necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us understand how visitors move around the site and which pages are most frequently visited.
These cookies are used to record your choices and settings, maintain your preferences over time and recognize you when you return to our website. These cookies help us to personalize our content for you and remember your preferences.
These cookies may be deployed to our site by our advertising partners to build a profile of your interest and provide you with content that is relevant to you, including showing you relevant ads on other websites.