Disable XSRF protection in StreamlitFrontend to support upload in localhost (#15684)

lantiga · web-flow · commit ed3eef0a3f25 · 2022-11-22T07:49:10.000Z
* Enable CORS in StreamlitFrontend to support upload
* Only disable XSRF when running on localhost
* Update test
* Use utility fn to detect if localhost

Co-authored-by: Luca Antiga &lt;luca@lightning.ai&gt;
diff --git a/src/lightning_app/frontend/stream_lit.py b/src/lightning_app/frontend/stream_lit.py
@@ -6,6 +6,7 @@
 
 import lightning_app
 from lightning_app.frontend.frontend import Frontend
+from lightning_app.utilities.cloud import is_running_in_cloud
 from lightning_app.utilities.imports import requires
 from lightning_app.utilities.log import get_logfile
 
@@ -83,6 +84,8 @@ def start_server(self, host: str, port: int) -> None:
                     self.flow.name,
                     "--server.headless",
                     "true",  # do not open the browser window when running locally
+                    "--server.enableXsrfProtection",
+                    "true" if is_running_in_cloud() else "false",
                 ],
                 env=env,
                 stdout=stdout,
diff --git a/tests/tests_app/frontend/test_stream_lit.py b/tests/tests_app/frontend/test_stream_lit.py
@@ -54,6 +54,8 @@ def test_streamlit_frontend_start_stop_server(subprocess_mock):
         "root.my.flow",
         "--server.headless",
         "true",
+        "--server.enableXsrfProtection",
+        "false",
     ]
 
     assert env_variables["LIGHTNING_FLOW_NAME"] == "root.my.flow"

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,8 @@ def test_streamlit_frontend_start_stop_server(subprocess_mock):`
`54`	`54`	`"root.my.flow",`
`55`	`55`	`"--server.headless",`
`56`	`56`	`"true",`
	`57`	`+ "--server.enableXsrfProtection",`
	`58`	`+ "false",`
`57`	`59`	`]`
`58`	`60`
`59`	`61`	`assert env_variables["LIGHTNING_FLOW_NAME"] == "root.my.flow"`