PHPFixing
  • Privacy Policy
  • TOS
  • Ask Question
  • Contact Us
  • Home
  • PHP
  • Programming
  • SQL Injection
  • Web3.0

Tuesday, September 6, 2022

[FIXED] How to disable XsrfProtection #streamlit

 September 06, 2022     heroku, sh, streamlit, web-deployment     No comments   

Issue

I have a setup.sh file :

mkdir -p ~/.streamlit/
echo "\
[server]\n\
port=$PORT\n\
enableCORS=false\n\
headless=true\n\
\n\
" > ~/.streamlit/config.toml

When i deploy my app on Heroku : It gives Application error H14, while in my logs I can see a small overriding done:

2022-06-28T13:59:07.660953+00:00 heroku[wev.1]: Restarting
2022-06-28T13:59:07.663151+00:00 heroku[wev.1]: State changed from up to starting
2022-06-28T13:59:08.426158+00:00 heroku[wev.1]: Stopping all processes with SIGTERM
2022-06-28T13:59:08.470430+00:00 app[wev.1]:   Stopping...
2022-06-28T13:59:08.740844+00:00 heroku[wev.1]: Process exited with status 0
2022-06-28T13:59:17.236832+00:00 heroku[wev.1]: Starting process with command `sh setup.sh && streamlit run app.py`
2022-06-28T13:59:17.842753+00:00 heroku[wev.1]: State changed from starting to up
2022-06-28T13:59:19.208294+00:00 app[wev.1]: 2022-06-28 13:59:19.208 
2022-06-28T13:59:19.208305+00:00 app[wev.1]: Warning: the config option 'server.enableCORS=false' is not compatible with 'server.enableXsrfProtection=true'.
2022-06-28T13:59:19.208305+00:00 app[wev.1]: As a result, 'server.enableCORS' is being overridden to 'true'.
2022-06-28T13:59:19.208306+00:00 app[wev.1]: 
2022-06-28T13:59:19.208306+00:00 app[wev.1]: More information:
2022-06-28T13:59:19.208307+00:00 app[wev.1]: In order to protect against CSRF attacks, we send a cookie with each request.
2022-06-28T13:59:19.208308+00:00 app[wev.1]: To do so, we must specify allowable origins, which places a restriction on
2022-06-28T13:59:19.208308+00:00 app[wev.1]: cross-origin resource sharing.
2022-06-28T13:59:19.208308+00:00 app[wev.1]: 
2022-06-28T13:59:19.208309+00:00 app[wev.1]: If cross origin resource sharing is required, please disable server.enableXsrfProtection.
2022-06-28T13:59:19.208309+00:00 app[wev.1]:             
2022-06-28T13:59:19.414636+00:00 app[wev.1]: 
2022-06-28T13:59:19.414646+00:00 app[wev.1]:   You can now view your Streamlit app in your browser.
2022-06-28T13:59:19.414656+00:00 app[wev.1]: 
2022-06-28T13:59:19.414692+00:00 app[wev.1]:   Network URL: http://172.19.20.38:24743
2022-06-28T13:59:19.414722+00:00 app[wev.1]:   External URL: http://3.235.143.6:24743
2022-06-28T13:59:19.414734+00:00 app[wev.1]: 

While running, it is overriding my enableCORS=false to true, I think which is causing my application error.

I have previously posted doubt related to "Application error" : Heroku app Application error even after successful deployment message
Do check it for setup.sh and Procfile details.

How can I disable the XsrfProtection??


Solution

Per the error, server.enableCORS=false is being overridden because server.enableXsrfProtection is set to true. The solution is to set server.enableXsrfProtection=false:

mkdir -p ~/.streamlit/
echo "
[server]
port=$PORT
enableXsrfProtection=false
enableCORS=false
headless=true
" > ~/.streamlit/config.toml

I am also obliged to note what this setting is protecting against, but assume you are familiar with the risks of toggling it off.



Answered By - axsyse
Answer Checked By - Marilyn (PHPFixing Volunteer)
  • Share This:  
  •  Facebook
  •  Twitter
  •  Stumble
  •  Digg
Newer Post Older Post Home

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...

Subscribe To

Posts
Atom
Posts
Comments
Atom
Comments

Copyright © PHPFixing