@pfaffman: yes it works with https without the orange cloud. So, the first time I set it up, it worked out of the box and since I did not use the cloudflare template I had no CSP issues.
I just saw a post which mentioned: DISCORSE_ENABLE_CORS: true should be set. I havent tried it yet however (will try in few mins)
BTW: I have an nginx front end with https (letsencrypt) serving a reverse proxy discourse instance. Thus I had commented out templates/web.ssl.template.yml - do you think should include this now that I have the cloudflare template on?