When "upload_file_request_handler.py" returns 400 error, we can see session ID. #2803
Labels: area:deployment, feature:st.file_uploader, priority:P2, type:bug

Summary
We are building an application on Microsoft Azure App Service with Streamlit.
When we tested uploading a file with st.file_uploader, it returned a 400 error and the session ID as a string.
We checked your code and noticed that, when we have a 400 error, streamlit/lib/streamlit/server/upload_file_request_handler.py returns error code 400, the reason and the session ID on lines 126-128.
This problem may lead to security incidents like XSS.
Please check it.
Steps to reproduce
Code snippet:
How the error occurred cannot be provided due to confidentiality.
Expected behavior:
When we have a 400 error, Streamlit will return only the error code and error reason, without the session ID.
Actual behavior:
When we have a 400 error, Streamlit returns the error code and error reason with the session ID.
Screenshots cannot be uploaded due to confidentiality.
Is this a regression?
That is, did this use to work the way you expected in the past?
yes / no
⇒no
Debug info
$ streamlit version ⇒ 0.74.1
$ python --version ⇒ 3.7
⇒Pip
⇒Linux
⇒Chrome 88.0.4324.150
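
The difference between the reported and the expected 400 response, as an added example that is not part of the original issue and is not Streamlit's code. The handler functions, the `sessionId` field name, the session store and the sample input are all constructed assumptions for illustration.

```python
import logging
import secrets

log = logging.getLogger("upload_example")

# Constructed sample data: one known session for the hypothetical app.
ACTIVE_SESSIONS = {"constructed-session-0001"}


def _require_arg(args, name):
    """Return the single value of a form field or raise ValueError."""
    values = args.get(name) or []
    if len(values) != 1:
        raise ValueError(f"Expected 1 '{name}' value, got {len(values)}")
    return values[0]


def _validate(args):
    session_id = _require_arg(args, "sessionId")
    if session_id not in ACTIVE_SESSIONS:
        # The detail string carries the client-supplied value.
        raise ValueError(f"Invalid session_id: '{session_id}'")
    return session_id


def handle_reflecting(args):
    """Behaviour reported in the issue: the 400 reason includes the session ID."""
    try:
        _validate(args)
    except ValueError as exc:
        return 400, str(exc)
    return 200, "OK"


def handle_generic(args):
    """Expected behaviour: code and reason only; detail stays in the server log."""
    try:
        _validate(args)
    except ValueError as exc:
        ref = secrets.token_hex(4)  # lets operators find the matching log entry
        log.warning("upload rejected ref=%s detail=%r", ref, str(exc))
        return 400, f"Invalid upload request (ref {ref})"
    return 200, "OK"


if __name__ == "__main__":
    bad = {"sessionId": ["<marker>unknown-session</marker>"]}  # constructed input
    print(handle_reflecting(bad))
    print(handle_generic(bad))
```
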