Content Security Policy: The settings of the page have blocked the loading of a resource ("script-src")

Hi, I have set up discourse via Docker, but the error mentioned in the title only appears.

Which installation method did you use, and what have you configured besides the core install process itself?

1 Like

I have once set up the images individually and via docker-compose! However, the error remains!

In what way should I be able to have configured something else?

I’m afraid this is not enough information for people to offer advice. Did you follow the standard install guide?

If you could include some details about your setup, exactly how you installed Discourse, and anything else that you may have done, people may be able to offer you some insights. :+1:


If you used docker-compose, then it’s not a standard install. Maybe you used bitnami (which is not supported here)? If you can get to the admin/settings, you might be able to add whatever domain that whatever is trying to refer to if you search the settings for “content security”.

Why is this forced on port 80 and 443?


Can i change this?

I don’t know. You clearly do not have a standard install, and haven’t explained how you installed.

I dont’ know what is forcing what on port 80 and 443.

If you want good help, you should use a standard install. If you want any help, you will need to say more about how you installed.

Well, I use the standard installation, which forces port 80 and 443.

So you didn’t use docker-compose?

Yes, the standard install requires ports 80 and 443 and turns on https and force_https. You shouldn’t have the problem that you describe if you did a standard install.

You ran discourse-setup to install?

The thing is, I want to run discourse on other ports and include it in my Apache2 via reverse proy…

Perhaps if you will say how you installed, someone else can help you. Maybe you want Set up Discourse on a server with existing Apache sites.

I have already said! About the standard installation!!!

Of course you can. You should expose for example - "83:80" on app.yml, or what ever port your reverse proxy uses to send traffic to backend. Or you can use websocket.

You want to use a reverse proxy that is not a standard install.

I have, but the site is not accessible

Then your settings are wrong. What is an issue is close to impossible guess. Don’t use CSP, that would be the first move. But are both, Apache2 and Discourse, on same server? Is your conf of Apache2 right? Etc, etc.

Again as said — you don’t use standard install.

I cannot use the standard install! Sorry, but what’s so hard to understand about that? I already have Apache2 running, and I don’t see the point of shutting it down just because Discourse doesn’t think it’s flexible enough to use other ports

That is the problem with the whole thing

My Apache2 Conf:

<VirtualHost *:80>
    ServerName <domain>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

<VirtualHost *:443>
    ServerName <domain>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine On
    SSLCertificateFile    /etc/letsencrypt/live/<domain>/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/<domain>/fullchain.pem

    ProxyPass /
    ProxyPassReverse /


  - "90:80"   # http
  - "100:443" # https

Perhaps not that hard than understand you get support from the team only for standard installs. That’s why you have to hope someone from us, ordinary members, can help you.

And because you don’t tell anything it is a bit bard task. We can’t guess is your conf right or if you have directed to right port at app.yml. We don’t know absolut anything of your setup.

Of course it is. Using reverse proxy front of Discourse is quite trivial — outside docker anyway. You just have to expose right ports or use websocket, if those two are on same server.

Have you done it? I don’t know and my cards didn’t tell :wink:

And again — if CSP is an issue don’t use it until you figure out what’s fighting back.

1 Like