Hugging Face's logo

Spaces:
Dmitry057
/
arxiv-topic-classifier
Sleeping

App Files Community
Dmitry057 commited on
Commit
49abc60
·
verified ·
1 Parent(s): e40613d

Drop --server.enableCORS=false / enableXsrfProtection=false (was breaking iframe embed)

Browse files
Files changed (1) hide show
  1. Dockerfile +4 -3
Dockerfile CHANGED
@@ -25,11 +25,12 @@ EXPOSE 7860
25
 
26
  # Streamlit needs to listen on 0.0.0.0 inside the container so the Space's
27
  # reverse proxy can reach it. --server.headless avoids opening a browser
28
- # during launch (no display in a container).
 
 
 
29
  CMD ["streamlit", "run", "app.py", \
30
  "--server.port=7860", \
31
  "--server.address=0.0.0.0", \
32
  "--server.headless=true", \
33
- "--server.enableCORS=false", \
34
- "--server.enableXsrfProtection=false", \
35
  "--browser.gatherUsageStats=false"]
 
25
 
26
  # Streamlit needs to listen on 0.0.0.0 inside the container so the Space's
27
  # reverse proxy can reach it. --server.headless avoids opening a browser
28
+ # during launch (no display in a container). We deliberately keep CORS and
29
+ # XSRF protection at their Streamlit defaults — disabling both at once puts
30
+ # Streamlit into a broken state where the websocket handshake never completes
31
+ # and the page renders an empty <div id="root">.
32
  CMD ["streamlit", "run", "app.py", \
33
  "--server.port=7860", \
34
  "--server.address=0.0.0.0", \
35
  "--server.headless=true", \
 
 
36
  "--browser.gatherUsageStats=false"]