Fresh Discourse install on DigitalOcean, cannot activate account

Hello everyone, after following the guide for Discourse here (https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md) I seem to run into an error that I cannot find anything on. When I connect to Discourse to register my admin account and get to the wizard, I type in my info and get an email, and if I click on the link in the email I get to a page with a single button that says “Click here to activate your account”, but when clicking this button nothing happens. The errors I have in Chrome's console are as follows:

Refused to load the script '<URL>' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'report-sample' <URL> <URL> <URL> <URL> <URL> <URL> <URL> <URL> <URL> <URL> <URL>". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Has anyone else had this same issue?

2 Likes

Can you repro this @pmusaraj?

1 Like

A quick update: I installed a browser extension to disable CSP and Discourse works. I was able to get through the setup wizard and get everything set up, but as soon as I turn off the extension I get the infamous “white page of death”. Is there any way to disable CSP for Discourse?

This might be a new bug in our install as CSP is on by default. It is urgent that @pmusaraj prioritize looking at this.

3 Likes

Also just to confirm you are not doing anything wacky like putting your site behind Cloudflare, are you? If you are, disable it immediately and try again.

I cannot reproduce this. I tried on three separate environments:

  • a fresh install on DigitalOcean (after clicking on “Click here to activate your account”, I see the wizard loading, no console errors)
  • an install on DigitalOcean from a few days ago, I tested by signing up as a new user and activating the account, again no issues
  • an existing, active Discourse site, signed up as a new user, and activation process again worked without errors

@Airwarfare I’m also a little confused by the error message in your original post. Do you see literally <URL> <URL> <URL> ... in the Chrome console, or did you replace your site’s domain with a <URL> yourself when pasting the console error? Because if the actual output in Chrome console is <URL><URL>... then you’ve got a misconfigured site, the CSP policy should include several valid URLs.

7 Likes

I didn’t change the error, that is exactly what I see in the Chrome console. As for the site being misconfigured, I am a bit confused: I bought a domain from GoDaddy and then a droplet from DigitalOcean. I am currently looking into changing the nginx config to try and fix the problem.

In your DigitalOcean droplet, can you check what you have under DISCOURSE_HOSTNAME in containers/app.yml?

I currently have DISCOURSE_HOSTNAME: forums.mydomain.org where “mydomain” is the name of the domain I bought off of GoDaddy, and that is formatted exactly as I see it in the app.yml

Ok. And that domain’s DNS is configured correctly to point to the droplet and you are accessing the site using said domain?

The domain has an A record pointing to the IP of the box and a TXT record for SparkPost’s email service. I have been typing in my domain name to get to the site, but now that you mention it, whenever I type in the domain, once the site loads I see the IP in the URL bar of Chrome, if that has any importance.

That’s the issue. CSP only allows scripts to run on the configured domain, not the IP. You need to figure out why the domain is redirecting to the IP, you definitely don’t want that.

I just did a test on a DO instance and I could reproduce the original issue: I changed the hostname in my app.yml from my test domain name to the instance’s IP, rebuilt the container, and tried loading the site using the domain name, and I got the same error as you (white screen with the CSP error logs).

6 Likes

I changed the configuration on my domain so now when I go to the address I see the domain instead of the IP, but I still have CSP errors in the Chrome console. The domain I have set up in Discourse is forums.mydomain.com, the domain I see in Chrome is www.forums.mydomain.com. When setting up Discourse, do I need to include the www?

No, you still have some kind of misconfiguration that’s forcing the redirect to www.forums.mydomain.com.

1 Like

Yup, had a minor typo in the domain that I caught, everything is working now! No more CSP errors, thanks a lot, I really appreciate your help and support!

4 Likes
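The mismatch diagnosed in this thread (site loaded at the IP or at a `www.` host while `DISCOURSE_HOSTNAME` names a different host) can be checked mechanically. The following is an added example, not part of the original posts and not Discourse code. The sample `app.yml` text, CSP header, script paths, `example.org` and `203.0.113.10` are constructed placeholders, and it assumes script URLs resolve against the host shown in the address bar and uses a simplified CSP source match (scheme, host, path prefix).

```python
import re
from urllib.parse import urlsplit

# Constructed sample data; none of these values come from the thread.
APP_YML = "env:\n  DISCOURSE_HOSTNAME: forums.example.org\n"
CSP = ("script-src 'unsafe-eval' 'report-sample' "
       "https://forums.example.org/logs/ https://forums.example.org/assets/")
SCRIPTS = ["/assets/app.js", "/logs/client.js"]  # hypothetical script paths


def configured_hostname(app_yml):
    """Read DISCOURSE_HOSTNAME from the text of containers/app.yml."""
    m = re.search(r"^\s*DISCOURSE_HOSTNAME:\s*['\"]?([^'\"\s#]+)", app_yml, re.M)
    if not m:
        raise ValueError("DISCOURSE_HOSTNAME not found")
    return m.group(1).lower()


def script_sources(csp):
    """URL sources listed in script-src, skipping keywords like 'unsafe-eval'."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "script-src":
            return [p for p in parts[1:] if not p.startswith("'")]
    return []


def allowed(script_url, sources):
    """Simplified match: same scheme and host, source path is a prefix."""
    u = urlsplit(script_url)
    return any((s.scheme, s.hostname) == (u.scheme, u.hostname)
               and u.path.startswith(s.path)
               for s in map(urlsplit, sources))


def diagnose(app_yml, address_bar_url, csp, script_paths):
    """Compare the host the browser ended up on with the configured one."""
    want = configured_hostname(app_yml)
    bar = urlsplit(address_bar_url)
    got = (bar.hostname or "").lower()
    sources = script_sources(csp)
    blocked = [p for p in script_paths
               if not allowed(f"{bar.scheme}://{got}{p}", sources)]
    return {"configured": want, "visited": got,
            "match": want == got, "blocked": blocked}


if __name__ == "__main__":
    for url in ("https://forums.example.org/", "https://203.0.113.10/",
                "https://www.forums.example.org/"):
        print(diagnose(APP_YML, url, CSP, SCRIPTS))
```

Feed it the URL from the address bar after the page loads, not the one typed in, since the redirect is what causes the mismatch.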