Xsrf token is not getting push when file uploading is occurring in the iFrame

Hello Streamlit Community

My Streamlit App is running behind the Nginx Reverse Proxy, and app needs to be loaded in the iFrame that is another domain. The problem occurs when File Upload happens. App does not push the “_xsrf” with the upload request therefore it ends up with “403 - Forbidden Error” although “_xsrf” does exist in the browser, which I checked in the console using the “document.cookie.match(\\b_xsrf=([^;]*)\\b) = _xsrf=2|23c0b502|31aa44d92f082a09408755b05cde8027|1700714382”.

I have attached the screenshot of the browser for reference.
And Streamlit version is 1.26.0, and Python version is 3.9.6

Please advise, what can I do to make it work?
And to let you know, disabling CORS on Streamlit Server is the very last thing I would like to go for, if it is only the way.

Thanks in advance.


Hi Community,
Any suggestions? Please.

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.