Bad CSP policy JS file

Hi,

I installed Discourse instance yesterday, and today it shows dark page and in console I see

Refused to load the script 'https://ajax.cloudflare.com/cdn-cgi/scripts/95c75768/cloudflare-static/rocket-loader.min.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'report-sample' [url]/logs/ [url]/sidekiq/ [url]/mini-profiler-resources/ [url]/assets/ [url]/brotli_asset/ [url]/extra-locales/ [url]/highlight-js/ [url]/javascripts/ [url]/plugins/ [url]/theme-javascripts/ [url]/svg-sprite/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
A bad HTTP response code (404) was received when fetching the script.

How can I fix it?

Disable cloudflare for your site in your cloudflare control panel. The Rocket Loader feature in particular is absolutely incompatible with Discourse.

1 Like