Refused to load the script 'xxxx.com/cdn-cgi/speculation' because it violates the following Content Security Policy directive

I looked at the console.log and saw these errors. Why could it be? Google Analytics does not see the AdSense user approval feature. That’s why I noticed it when I looked at the console area. What do you think could be the reason?


Error

Refused to load the script 'https://xxxx.com/cdn-cgi/speculation' because it violates the following Content Security Policy directive: "script-src 'nonce-7mgUxkI7bU1WPKnOwauZMiIwN' 'strict-dynamic'".

Load failed or canceled (net::ERR_ABORTED) for rule set requested from "https://xxxx.com/cdn-cgi/speculation" found in Speculation-Rules header.

There is another recent topic related to content security policy errors with a script at https://forum.example.com/cdn-cgi/speculation: Issue with Activate Account Page After Update to 3.4.0 (Blank Page). I’m wondering if something has changed recently either on Cloudflare or on Discourse.

My understanding is that the /cdn-cgi/speculation endpoint is added to domains registered on Cloudflare if “Speed Brain” is enabled. It is intended to allow Cloudflare to prefetch page content when a user hovers over a link. I’m not sure if it’s compatible with Discourse.

What version of Discourse is your site on?

Are you getting any errors on the site, or are you just seeing the CSP error in the console?

Can you try disabling Speed Brain? It seems that it’s enabled by default. It can be disabled from the “Speed” tab of your Cloudflare dashboard: Speed Brain | Cloudflare Speed docs.

2 Likes

I didn’t know about this new feature of Cloudflare. I haven’t entered the panel for a long time; this is something new. After disabling it, the errors disappeared. I guess this feature has no use in systems like Discourse, or did I misunderstand?

https://community.cloudflare.com/t/cdn-cgi-speculation-applies-even-if-disabled/714033

1 Like

I don’t think it could work with Discourse. My guess is that it attempts to pre-fetch HTML. Discourse is a JavaScript application, so pre-fetching HTML will not work.

2 Likes
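
As an added example (not code from this thread, Cloudflare or Discourse): a simplified JavaScript check that takes a response's headers and reports which rule sets named in `Speculation-Rules` would be refused by a nonce plus `'strict-dynamic'` policy like the one in the console error above. It assumes rule-set fetches are checked against `script-src-elem`, `script-src` or `default-src`, as the error message indicates, and it matches only `'self'`, `*`, schemes and exact hosts; the function names and sample headers are constructed.

```javascript
// Constructed sample: headers shaped like the ones in the console error.
const SAMPLE_HEADERS = {
  'content-security-policy': "script-src 'nonce-EXAMPLE' 'strict-dynamic'",
  'speculation-rules': '"/cdn-cgi/speculation"',
};

// Split a CSP header value into { directive: [sources] }.
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Pull the quoted URLs out of a Speculation-Rules header value.
function parseSpeculationRules(value) {
  return [...value.matchAll(/"([^"]*)"/g)].map((m) => m[1]);
}

// Return the absolute rule-set URLs the policy would refuse to load.
function blockedRuleSets(pageUrl, headers) {
  const csp = parseCsp(headers['content-security-policy'] || '');
  const sources = csp['script-src-elem'] || csp['script-src'] || csp['default-src'];
  if (!sources) return []; // no applicable directive, nothing is blocked
  const lower = sources.map((s) => s.toLowerCase());
  const strictDynamic = lower.includes("'strict-dynamic'");
  const page = new URL(pageUrl);
  const blocked = [];
  for (const ref of parseSpeculationRules(headers['speculation-rules'] || '')) {
    const url = new URL(ref, page);
    // With 'strict-dynamic', 'self', scheme and host sources are ignored, and
    // a fetch triggered by a response header carries no nonce, so nothing matches.
    const allowed = !strictDynamic && lower.some((src) =>
      (src === '*' && /^https?:$/.test(url.protocol)) ||
      (src === "'self'" && url.origin === page.origin) ||
      src === url.protocol || src === url.origin || src === url.host);
    if (!allowed) blocked.push(url.href);
  }
  return blocked;
}

console.log(blockedRuleSets('https://xxxx.com/latest', SAMPLE_HEADERS));
```

Run against the same page with `script-src 'self'` instead, the function returns an empty list, which is why the conflict only appears on sites that use a strict nonce-based policy.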