Upgrade vom 2.4.0-debian to 3.5.0-ce - CSP errors


I upgraded the Docker version 2.4.0-debian to 3.5.0-ce. Migrations ran successfully.
The server key changed and I approved, then I signed in which also worked but after that I receive CSP errors within the browser console and don’t see the UI as usual. I provide a screenshot how it looks like.

The only log entries I receive when reloading the page are those:

passwords_passbolt.1.uniqid@server    | - - [25/Apr/2022:12:43:42 +0000] "GET / HTTP/1.1" 200 1186 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"
passwords_passbolt.1.uniqid@server    | - - [25/Apr/2022:12:43:42 +0000] "GET /js/app/stylesheet.js?v=3.5.0 HTTP/1.1" 304 0 "https://passbolt.ourcompany.net/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"
passwords_passbolt.1.uniqid@server    | - - [25/Apr/2022:12:43:42 +0000] "GET /auth/checksession.json HTTP/1.1" 404 233 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0"

Passbolt is deployed on a Docker Swarm. So far it works except of the CSP errors which prevent us from accessing our passwords. Therefore it’s a critical issue for us. Please let us know which information you need or if you have a solution for this one already.

EDIT: I recovered my account on a different Browser (Brave) and there I can access everything normally - so maybe this issue is just with Firefox 99.0 (64-Bit) on Kubuntu?

[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue


Normally there should not be any blocking “eval” or inline-script in the latest version of passbolt (the lib loaded have eval, for example to understand the context, but they are not required, so it’s ok if they are blocked).

This call tells me that the extension may not understand the upgrade, as this endpoint doesn’t exist:


I think the extension may think you’re still logged in a 2.4. so I would:

  • Clear the cache and cookies in the old browser
  • Run a ./bin/cake passbolt cleanup command to check for any data integrity issue post migration

Thank you. As it works with another browser, I try to delete the extension from Firefox and do a recovery in here too. I think this might be the solution. Thank you!