Spaces:
Sleeping
Sleeping
Re-enable XSRF off (needed for HF Spaces iframe websocket)
Browse files- Dockerfile +5 -0
Dockerfile
CHANGED
|
@@ -29,8 +29,13 @@ EXPOSE 7860
|
|
| 29 |
# XSRF protection at their Streamlit defaults — disabling both at once puts
|
| 30 |
# Streamlit into a broken state where the websocket handshake never completes
|
| 31 |
# and the page renders an empty <div id="root">.
|
|
|
|
|
|
|
|
|
|
|
|
|
| 32 |
CMD ["streamlit", "run", "app.py", \
|
| 33 |
"--server.port=7860", \
|
| 34 |
"--server.address=0.0.0.0", \
|
| 35 |
"--server.headless=true", \
|
|
|
|
| 36 |
"--browser.gatherUsageStats=false"]
|
|
|
|
| 29 |
# XSRF protection at their Streamlit defaults — disabling both at once puts
|
| 30 |
# Streamlit into a broken state where the websocket handshake never completes
|
| 31 |
# and the page renders an empty <div id="root">.
|
| 32 |
+
# XSRF protection must be off so that Streamlit accepts websocket frames
|
| 33 |
+
# from a parent iframe at a different origin (huggingface.co). Keep CORS
|
| 34 |
+
# enabled — turning *both* off puts Streamlit into a degraded state where
|
| 35 |
+
# it never finishes the websocket handshake.
|
| 36 |
CMD ["streamlit", "run", "app.py", \
|
| 37 |
"--server.port=7860", \
|
| 38 |
"--server.address=0.0.0.0", \
|
| 39 |
"--server.headless=true", \
|
| 40 |
+
"--server.enableXsrfProtection=false", \
|
| 41 |
"--browser.gatherUsageStats=false"]
|