
How to disable XsrfProtection #streamlit


I have a setup.sh file:

mkdir -p ~/.streamlit/
echo "\
[server]\n\
port=$PORT\n\
enableCORS=false\n\
headless=true\n\
\n\
" > ~/.streamlit/config.toml

When I deploy my app on Heroku, it gives Application error H14, while in my logs I can see a small override being done:

2022-06-28T13:59:07.660953+00:00 heroku[wev.1]: Restarting
2022-06-28T13:59:07.663151+00:00 heroku[wev.1]: State changed from up to starting
2022-06-28T13:59:08.426158+00:00 heroku[wev.1]: Stopping all processes with SIGTERM
2022-06-28T13:59:08.470430+00:00 app[wev.1]:   Stopping...
2022-06-28T13:59:08.740844+00:00 heroku[wev.1]: Process exited with status 0
2022-06-28T13:59:17.236832+00:00 heroku[wev.1]: Starting process with command `sh setup.sh && streamlit run app.py`
2022-06-28T13:59:17.842753+00:00 heroku[wev.1]: State changed from starting to up
2022-06-28T13:59:19.208294+00:00 app[wev.1]: 2022-06-28 13:59:19.208 
2022-06-28T13:59:19.208305+00:00 app[wev.1]: Warning: the config option 'server.enableCORS=false' is not compatible with 'server.enableXsrfProtection=true'.
2022-06-28T13:59:19.208305+00:00 app[wev.1]: As a result, 'server.enableCORS' is being overridden to 'true'.
2022-06-28T13:59:19.208306+00:00 app[wev.1]: 
2022-06-28T13:59:19.208306+00:00 app[wev.1]: More information:
2022-06-28T13:59:19.208307+00:00 app[wev.1]: In order to protect against CSRF attacks, we send a cookie with each request.
2022-06-28T13:59:19.208308+00:00 app[wev.1]: To do so, we must specify allowable origins, which places a restriction on
2022-06-28T13:59:19.208308+00:00 app[wev.1]: cross-origin resource sharing.
2022-06-28T13:59:19.208308+00:00 app[wev.1]: 
2022-06-28T13:59:19.208309+00:00 app[wev.1]: If cross origin resource sharing is required, please disable server.enableXsrfProtection.
2022-06-28T13:59:19.208309+00:00 app[wev.1]:             
2022-06-28T13:59:19.414636+00:00 app[wev.1]: 
2022-06-28T13:59:19.414646+00:00 app[wev.1]:   You can now view your Streamlit app in your browser.
2022-06-28T13:59:19.414656+00:00 app[wev.1]: 
2022-06-28T13:59:19.414692+00:00 app[wev.1]:   Network URL: http://172.19.20.38:24743
2022-06-28T13:59:19.414722+00:00 app[wev.1]:   External URL: http://3.235.143.6:24743
2022-06-28T13:59:19.414734+00:00 app[wev.1]: 

While running, it is overriding my enableCORS=false to true, which I think is causing my application error.

I have previously posted a doubt related to "Application error": Heroku app Application error even after successful deployment message.
Do check it for setup.sh and Procfile details.

How can I disable the XsrfProtection?


Solution

  • Per the error, server.enableCORS=false is being overridden because server.enableXsrfProtection is set to true. The solution is to set server.enableXsrfProtection=false:

    mkdir -p ~/.streamlit/
    echo "
    [server]
    port=$PORT
    enableXsrfProtection=false
    enableCORS=false
    headless=true
    " > ~/.streamlit/config.toml
    

    I am also obliged to note what this setting is protecting against, but assume you are familiar with the risks of toggling it off.
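
An added example (not part of the original question or answer, and not Streamlit's own code): a small check that applies the override rule quoted in the log above to a config.toml and reports which settings are actually in effect, flagging the case where XSRF protection has been switched off. It assumes the flat `[server]` key=value layout shown on this page, Streamlit's defaults of `true` for both options, and a constructed port value in place of `$PORT`; the function names are hypothetical.

```python
# Added example: names below are hypothetical, not Streamlit's own code.
# Assumption: Streamlit enables both options when the config does not set them.
DEFAULTS = {"enableCORS": True, "enableXsrfProtection": True}


def parse_server_section(text):
    """Read booleans from the [server] table of a flat key=value config.toml."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "server" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value.lower() in ("true", "false"):
                values[key] = value.lower() == "true"
    return values


def audit(text):
    """Return (effective settings, findings) after applying the override rule."""
    merged = {**DEFAULTS, **parse_server_section(text)}
    effective = {key: merged[key] for key in DEFAULTS}
    findings = []
    if effective["enableXsrfProtection"] and not effective["enableCORS"]:
        # Rule quoted in the log: enableCORS=false is not compatible with
        # enableXsrfProtection=true, so enableCORS is overridden to true.
        effective["enableCORS"] = True
        findings.append("enableCORS=false ignored: overridden to true")
    if not effective["enableXsrfProtection"]:
        findings.append("XSRF protection is disabled")
        if not effective["enableCORS"]:
            findings.append("CORS protection is disabled as well")
    return effective, findings


# Constructed inputs: the configs from the question and the answer,
# with a fixed port standing in for $PORT.
QUESTION_CONFIG = "[server]\nport=8501\nenableCORS=false\nheadless=true\n"
ANSWER_CONFIG = ("[server]\nport=8501\nenableXsrfProtection=false\n"
                 "enableCORS=false\nheadless=true\n")

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        effective, findings = audit(cfg)
        print(name, effective, findings or ["no findings"])
```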