Xsrf token is not getting push when file uploading is occurring in the iFrame

huzefa-zoaib-mbww · November 23, 2023, 5:44am

Hello Streamlit Community

My Streamlit App is running behind the Nginx Reverse Proxy, and app needs to be loaded in the iFrame that is another domain. The problem occurs when File Upload happens. App does not push the “_xsrf” with the upload request therefore it ends up with “403 - Forbidden Error” although “_xsrf” does exist in the browser, which I checked in the console using the “document.cookie.match(\\b_xsrf=([^;]*)\\b) = _xsrf=2|23c0b502|31aa44d92f082a09408755b05cde8027|1700714382”.

I have attached the screenshot of the browser for reference.
And Streamlit version is 1.26.0, and Python version is 3.9.6

Please advise, what can I do to make it work?
And to let you know, disabling CORS on Streamlit Server is the very last thing I would like to go for, if it is only the way.

Thanks in advance.

Screenshot:

huzefa-zoaib-mbww · November 29, 2023, 3:31am

Hi Community,
Any suggestions? Please.

system · May 27, 2024, 3:32am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
File Uploader: 403 error when embedding streamlit app in iframe Using Streamlit file-upload	8	2864	September 5, 2024
Azure AD, XSRF protection and st.file_uploader Deployment	2	1494	November 23, 2023
Streamlit, CORS and xsrf problems (?) Using Streamlit discussion	1	268	February 9, 2025
Deployment on Azure + AD Authentication enabled + st.file_uploader = 403 Forbidden Deployment azure	5	1970	April 11, 2024
Azure server.enableXsrfProtection + Streamlit App Deployment azure	1	1171	August 4, 2023

Xsrf token is not getting push when file uploading is occurring in the iFrame

Related topics

Hello there 👋🏻

Cookie settings

Strictly necessary cookies

Performance cookies

Functional cookies

Targeting cookies