diff --git a/changedetectionio/processors/__init__.py b/changedetectionio/processors/__init__.py
index 944a0085..d2e5ee5c 100644
--- a/changedetectionio/processors/__init__.py
+++ b/changedetectionio/processors/__init__.py
@@ -2,9 +2,9 @@ from abc import abstractmethod
 import os
 import hashlib
 import re
-from copy import deepcopy
-
 from changedetectionio import content_fetcher
+from copy import deepcopy
+from distutils.util import strtobool
 class difference_detection_processor():
@@ -19,15 +19,15 @@ class difference_detection_processor():
 self.datastore = datastore
 self.watch = deepcopy(self.datastore.data['watching'].get(watch_uuid))
- # Protect against file:// access
- if re.search(r'^file', self.watch.get('url', ''), re.IGNORECASE) and not os.getenv('ALLOW_FILE_URI', False):
- raise Exception(
- "file:// type access is denied for security reasons."
- )
-
-
 def call_browser(self):
+ # Protect against file:// access
+ if re.search(r'^file://', self.watch.get('url', '').strip(), re.IGNORECASE):
+ if not strtobool(os.getenv('ALLOW_FILE_URI', 'false')):
+ raise Exception(
+ "file:// type access is denied for security reasons."
+ )
+
 url = self.watch.link
 # Requests, playwright, other browser via wss:// etc, fetch_extra_something
diff --git a/changedetectionio/tests/test_security.py b/changedetectionio/tests/test_security.py
index 08a69eeb..406a5401 100644
--- a/changedetectionio/tests/test_security.py
+++ b/changedetectionio/tests/test_security.py
@@ -1,5 +1,5 @@
 from flask import url_for
-from . util import set_original_response, set_modified_response, live_server_setup
+from .util import set_original_response, set_modified_response, live_server_setup, wait_for_all_checks
 import time
@@ -12,6 +12,7 @@ def test_bad_access(client, live_server):
 )
 assert b"1 Imported" in res.data
+ wait_for_all_checks(client)
 # Attempt to add a body with a GET method
 res = client.post(
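Review bot: `from distutils.util import strtobool` on the new side of the first hunk pulls in a module that is deprecated (PEP 632) and no longer shipped with Python 3.12, so on a current interpreter the whole processors package fails at import time. A small local helper removes the dependency and fails closed for unrecognised values, e.g. `def _env_flag(name, default='false'): return os.getenv(name, default).strip().lower() in ('1', 'true', 'yes', 'on')`, used as `if not _env_flag('ALLOW_FILE_URI'):` in the second hunk. Note also that `strtobool` raises `ValueError` for any value outside its accepted set, including an empty string, so a misconfigured `ALLOW_FILE_URI=` would surface as an unrelated-looking crash rather than the intended denial message.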
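Review bot: The new guard in the second hunk inspects `self.watch.get('url', '')` while the fetch a few lines later uses `self.watch.link`; if `link` is derived from `url` with any transformation the string that is checked and the string that is fetched can diverge, so the scheme test should be applied to the value actually fetched. The narrowed pattern `^file://` also no longer covers the `file:` scheme written without the `//` authority part, which the previous `^file` check did, so testing the parsed scheme is more robust: move `url = self.watch.link` above the guard and write `if urlparse(url.strip()).scheme.lower() == 'file':` (assuming `link` is a str like `url`; `from urllib.parse import urlparse` goes in the import block of the first hunk). The guard has moved out of `__init__` into `call_browser`, which appears only as a context line here, so any code path that fetches without going through `call_browser` is no longer covered — worth confirming there is none. Both enclosing methods start and end outside the hunk.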
@@ -59,7 +60,7 @@ def test_bad_access(client, live_server):
 data={"url": 'file:///tasty/disk/drive', "tags": ''},
 follow_redirects=True
 )
- time.sleep(1)
+ wait_for_all_checks(client)
 res = client.get(url_for("index"))
 assert b'file:// type access is denied for security reasons.' in res.data
\ No newline at end of file
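Review bot: The denial assertion at the end of the hunk only exercises the three-slash `file:///` spelling, so it cannot tell whether the new `^file://` pattern still rejects the `file:` form without `//` that the previous `^file` check caught, nor whether the `.strip()` the new guard applies handles a URL with leading whitespace. Adding a second watch using the `file:/` spelling and one with a leading space, each followed by `wait_for_all_checks(client)` and the same `assert b'file:// type access is denied for security reasons.' in res.data`, would pin the intended coverage. test_bad_access starts outside the hunk.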