I have posted the detail question on Stack Overflow: discourse email activation no longer works due to Content Security Policy violation - Stack Overflow I boostrapped discourse using my custom app.yml which uses the cloudflare template like so: templates: - "templates/postgres.template.yml" -…

This is a bit embarrassing - but I have found out why this was. Once everything was working without cloudflare, I added the nginx pagespeed module to my nginx config (pagespeed on;) This was the reason for this error :frowning: I found this out browsing through the console within DevTools. I apol…

You’ve included the cloudflare template which probably means you’re using it for SSL. But your CSP has all http schemes instead of https. If you access via https but the CSP says http, that’s a mismatch. You need to tell Discourse that it’s behind https if that’s the case. Try: SiteSetting.force_…

I would leave cloudflare of the mix until you get everything else up and running.

@supermathie : I have tried this approach now and I can confirm that it does not change the situation. @pfaffman : iI can confirm that it works fine without the CF template…, but not with it… is this a bug?

[imagem] 34563463456: it works fine without the CF template Do you have it working with https and without the orange cloud?

@pfaffman : yes it works with https without the orange cloud. So, the first time I set it up, it worked out of the box and since I did not use the cloudflare template I had no CSP issues. I just saw a post which mentioned: DISCORSE_ENABLE_CORS: true should be set. I havent tried it yet however (wil…

[imagem] 34563463456: BTW: I have an nginx front end with https (letsencrypt) serving a reverse proxy discourse instance. That would have been good to mention in the OP. You should probably have a look at the topics about running with an external nginx and look carefully at the stuff that se…

[imagem] 34563463456: it does not change the situation it should have changed the situation since now the CSP should be different

That’s a new one to me! I changed the title for others who might have the same issue

@pfaffman : Yea, I was surprised myself. I normally have pagespeed on; by default. Did not know this would cause trouble. Hopefully, someone can look into it - I dont really have the skills to debug this (never heard of CSP until a few days ago) :frowning: From what I could see, it was related t…

[imagem] 34563463456: I normally have pagespeed on; by default. That’s a bad idea in this day and age: [imagem] Install ngx_pagespeed support It will create only problems. The ngx_pagespeed was made when you can’t change the underlying website and need to fix it a…

Módulo externo nginx pagespeed causa violação de política de segurança

Suporte Instalação

Falco (Falco) Junho 27, 2019, 3:24pm 12

That’s a bad idea in this day and age:

Tópico		Respostas	Visualizações
Keyboard and mouse stopped working + content-security-policy error Self-hosting nginx	7	475	6 de Novembro de 2023
Refused to load the script 'site.com/cdn-cgi/speculation' because it violates the following Content Security Policy directive Support content-security-policy	4	8366	22 de Outubro de 2024
Mitigate XSS Attacks with Content Security Policy Site Management content-security-policy , how-to	32	24691	13 de Junho de 2023
Fresh Discourse install on digitalocean, cannot activate account Self-hosting	15	1503	21 de Janeiro de 2019
Using Discourse with Cloudflare: Best Practices Self-Hosting how-to , cloudflare	28	4861	26 de Abril de 2026

Módulo externo nginx pagespeed causa violação de política de segurança

Tópicos relacionados