Bad CSP policy JS file


I installed Discourse instance yesterday, and today it shows dark page and in console I see

Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'report-sample' [url]/logs/ [url]/sidekiq/ [url]/mini-profiler-resources/ [url]/assets/ [url]/brotli_asset/ [url]/extra-locales/ [url]/highlight-js/ [url]/javascripts/ [url]/plugins/ [url]/theme-javascripts/ [url]/svg-sprite/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
A bad HTTP response code (404) was received when fetching the script.

How can I fix it?

Disable cloudflare for your site in your cloudflare control panel. The Rocket Loader feature in particular is absolutely incompatible with Discourse.

1 Like