From 50e2ec73467442e9b8618c39d0cdff3c3bc00e73 Mon Sep 17 00:00:00 2001 From: Luca Antiga Date: Tue, 22 Nov 2022 08:49:10 +0100 Subject: [PATCH] Disable XSRF protection in StreamlitFrontend to support upload in localhost (#15684) * Enable CORS in StreamlitFrontend to support upload * Only disable XSRF when running on localhost * Update test * Use utility fn to detect if localhost Co-authored-by: Luca Antiga (cherry picked from commit ed3eef0a3f253da99dde6cd1f067abe86e8ca176) --- src/lightning_app/frontend/stream_lit.py | 3 +++ tests/tests_app/frontend/test_stream_lit.py | 2 ++ 2 files changed, 5 insertions(+) diff --git a/src/lightning_app/frontend/stream_lit.py b/src/lightning_app/frontend/stream_lit.py index bc5ec21fb830c..e72248432441b 100644 --- a/src/lightning_app/frontend/stream_lit.py +++ b/src/lightning_app/frontend/stream_lit.py @@ -6,6 +6,7 @@ import lightning_app from lightning_app.frontend.frontend import Frontend +from lightning_app.utilities.cloud import is_running_in_cloud from lightning_app.utilities.imports import requires from lightning_app.utilities.log import get_logfile @@ -83,6 +84,8 @@ def start_server(self, host: str, port: int) -> None: self.flow.name, "--server.headless", "true", # do not open the browser window when running locally + "--server.enableXsrfProtection", + "true" if is_running_in_cloud() else "false", ], env=env, stdout=stdout, diff --git a/tests/tests_app/frontend/test_stream_lit.py b/tests/tests_app/frontend/test_stream_lit.py index cd3a394a89d75..1b3be42c0ae6f 100644 --- a/tests/tests_app/frontend/test_stream_lit.py +++ b/tests/tests_app/frontend/test_stream_lit.py @@ -54,6 +54,8 @@ def test_streamlit_frontend_start_stop_server(subprocess_mock): "root.my.flow", "--server.headless", "true", + "--server.enableXsrfProtection", + "false", ] assert env_variables["LIGHTNING_FLOW_NAME"] == "root.my.flow"