Third-Party Cookies

Hey all, I have a Streamlit app deployed on Heroku with a Flask backend. I have a requirement for having 0 third-party cookies, which are currently showing up as the following:

  • I’ve tried to remove the _xsrf cookie using the enableXsrfProtection = false command in config.toml - this works locally, but not deployed.
  • The cookie is also empty and does not show up in developer tools.

I see this is set here, but wondering why the above config setting doesn’t disable it: streamlit/App.tsx at c1bfdd153b9f050d3606da0801e31636b2775784 · streamlit/streamlit · GitHub

Does anyone know what this cookie is and can help me remove this in Heroku deployment? And also is the local storage required for anything? Alternatively and more generally does anyone know if Streamlit can be deployed without third-party cookies?