OMERO.web not loading any data in Firefox seemingly due to bogus CSP policy

Hi,

I’m having an issue using OMERO.web with Firefox. I can connect to the client normally, but once logged in the client is not showing any data: the “Explore” tag on the left side of the interface, which should list the available datasets, remains empty and only shows a “loading…” text.

Firefox’s developer console shows the following errors:

Content Security Policy: The report URI (about:blank) should be an HTTP or HTTPS URI.
Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://omero.local.incenp.org/2672e5f2-9818-419c-ad0a-f45a9ea9b72f (“worker-src”).

This seems related, since disabling Content-Security-Policy within Firefox (setting security.csp.enable to false in about:config) does allow the client to work normally. But I quite don’t understand how this could be a CSP issue, as there is not even a Content-Security-Policy header in the server’s replies…

Accessing the same OMERO.web instance with Safari under Mac OS X works without any issue.

I am at a loss to pinpoint the root cause of the issue, and whether there’s an error in my configuration or if it is somehow a Firefox bug.

Versions involved:

  • OMERO.server 5.6.3
  • OMERO.web 5.9.1
  • Python 3.8.3
  • Django 1.11.27
  • Firefox 88

The issue disappeared after switching to a new Firefox profile.

Not sure what was in my old profile that could have caused the problem, but at least it’s not a problem in my OMERO.web setup… I wish I had thought of trying that before messing around with the configuration for hours!

Anyway, sorry for the noise. Problem solved.

1 Like