Discourse Account Activation - Insecure Page Error

I have installed discourse on my subdomain which is using Cloudflare DNS and flexible SSL.

The problem is with Admin account activation after installation. The activation URL I get is “http” and when I open it the browser show error, nothing happens on clicking “click here to activate your account”.

Here are the console errors.

Refused to load the script https://ajax.cloudflare.com/cdn-cgi/scripts/a2bd7673/cloudflare-static/rocket-loader.min.js because it violates the following Content Security Policy directive: "script-src ‘unsafe-eval’ ‘report-sample’ <URL> <URL><URL>… Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

Mixed Content: The page at <URL> was loaded over HTTPS, but requested an insecure favicon <URL>. This request has been blocked; the content must be served over HTTPS.

Many of Cloudflare’s advanced features don’t work with Discourse, including the Rocket Loader. Disable all the optional features, including even the orange DNS, until you can ensure that your site is working.


Thanks. I disabled Rocket Loader. Now when I click on activation link, it says - “Sorry, this account confirmation link is no longer valid. Perhaps your account is already active?”

What’s the next step?

Request another activation

1 Like

Thanks. I resolved this by adding one more Admin contact and registering through it.

1 Like