Disable XSRF protection in StreamlitFrontend to support upload in localhost

src/lightning_app/frontend/stream_lit.py

@@ -62,6 +62,7 @@ def __init__(self, render_fn: Callable) -> None:
 
     def start_server(self, host: str, port: int) -> None:
         env = os.environ.copy()
+        is_localhost = "LIGHTNING_APP_STATE_URL" not in env
         env["LIGHTNING_FLOW_NAME"] = self.flow.name
         env["LIGHTNING_RENDER_FUNCTION"] = self.render_fn.__name__
         env["LIGHTNING_RENDER_MODULE_FILE"] = inspect.getmodule(self.render_fn).__file__
@@ -83,6 +84,8 @@ def start_server(self, host: str, port: int) -> None:
                     self.flow.name,
                     "--server.headless",
                     "true",  # do not open the browser window when running locally
+                    "--server.enableXsrfProtection",
+                    "false" if is_localhost else "true",
                 ],
                 env=env,
                 stdout=stdout,

tests/tests_app/frontend/test_stream_lit.py

@@ -54,6 +54,8 @@ def test_streamlit_frontend_start_stop_server(subprocess_mock):
         "root.my.flow",
         "--server.headless",
         "true",
+        "--server.enableXsrfProtection",
+        "false",
     ]
 
     assert env_variables["LIGHTNING_FLOW_NAME"] == "root.my.flow"