Unsubscribe page doesn't have a submit button due to Cloudflare

Our users started complaining that the unsubscribe page (from summary emails) doesn’t have a submit button and doesn’t work after i checked the page i can see this:

Screenshot 2020-04-21 at 01.35.092570×1320 108 KB

A submit button is nowhere to be seen on the page.

The console has these errors:

The FetchEvent for "https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1687584696&t=pageview&_s=1&dl=https%3A%2F%2Fmydomain.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=MyDomain&sd=24-bit&sr=1680x1050&vp=1680x939&je=0&_u=CACAAAAB~&jid=1509883826&gjid=448482383&cid=264324569.1586166300&uid=15&tid=UA-55573518-16&_gid=1087251009.1587052456&_r=1&z=1378394722" resulted in a network error response: the promise was rejected.
NetworkFirst.mjs:167 Uncaught (in promise) no-response: no-response :: [{"url":"https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1687584696&t=pageview&_s=1&dl=https%3A%2F%2Fmydomain.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=MyDomain&sd=24-bit&sr=1680x1050&vp=1680x939&je=0&_u=CACAAAAB~&jid=1509883826&gjid=448482383&cid=264324569.1586166300&uid=15&tid=UA-55573518-16&_gid=1087251009.1587052456&_r=1&z=1378394722"}]
    at a.makeRequest (https://mydomain.com/javascripts/workbox/workbox-strategies.prod.js:1:2145)
51d5760db57884c972254b1171ee83015edf29bb5a6588fa15afd90bf19cd856:1 A cookie associated with a cross-site resource at http://clickfunnels.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
1aeeb5a3adae2c127f9e6aafa5d5e1e46c257be5.js?__ws=mydomain.com:5 Refused to load the script 'https://connect.facebook.net/en_US/fbevents.js' because it violates the following Content Security Policy directive: "script-src 'report-sample' https://mydomain.com/logs/ https://mydomain.com/sidekiq/ https://mydomain.com/mini-profiler-resources/ https://mydomain.com/assets/ https://mydomain.com/brotli_asset/ https://mydomain.com/extra-locales/ https://mydomain.com/highlight-js/ https://mydomain.com/javascripts/ https://mydomain.com/plugins/ https://mydomain.com/theme-javascripts/ https://mydomain.com/svg-sprite/ https://www.google-analytics.com/analytics.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

(anonymous) @ 1aeeb5a3adae2c127f9e6aafa5d5e1e46c257be5.js?__ws=mydomain.com:5
51d5760db57884c972254b1171ee83015edf29bb5a6588fa15afd90bf19cd856:1 Refused to load the script 'https://mydomain.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js' because it violates the following Content Security Policy directive: "script-src 'report-sample' https://mydomain.com/logs/ https://mydomain.com/sidekiq/ https://mydomain.com/mini-profiler-resources/ https://mydomain.com/assets/ https://mydomain.com/brotli_asset/ https://mydomain.com/extra-locales/ https://mydomain.com/highlight-js/ https://mydomain.com/javascripts/ https://mydomain.com/plugins/ https://mydomain.com/theme-javascripts/ https://mydomain.com/svg-sprite/ https://www.google-analytics.com/analytics.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Any help would be really appreciated!

No repro on a live customer site when I select unsubscribe from a weekly digest / summary email … the color scheme is off though:

image968×683 38.9 KB

That [email protected] implies the forum is being served through Cloudflare. Make sure to disable all the special Cloudflare performance features.

I disabled all features that I can from Cloudflare but still the same, also shouldn’t Discourse work regardless of Discourse configuration (such as Proxy, and CSS minify which were the only two settings i’ve used)!

It’s impossible to ensure correctness if a man in the middle can change your responses in an unpredictable way

True! but discourse is kind of a must for a forum to speed it up and lower bandwidth consumption as well… I’ll see what i can find to work around it…

The awkward thing is Everything else works absolutely fine! for over 4 years now been using Discourse on 3 forums and all working fine except that feature! so something is not right i guess…

Maybe contact Cloudflare support to help figure out what’s still enabled? Or just grey cloud the forum.

You can configure a second orange cloud domain as a CDN for the forum, there’s some guides on Meta for how to do that.

That’s not true. Cloudflare slows down many aspects of discourse. Moreso if those additional features are enabled. Discourse is an application, not a website, routing requests from the client app in your browser through Cloudflare to the backend server increases latency substantially.

Cloudflare cannot optimize the javascript payload better than Discourse already does, and when such optimizations are enabled it creates precisely the problems you’re experiencing.

At the minimum you need a new page rule to ‘Disable Performance’ for your Discourse domain on CloudFlare, we can’t do anything to support your installation while those features are enabled. The rule needs to look something like this:

1380×538 43.8 KB

But for now to troubleshoot the problems the orange cloud should be off.

You can configure a caching rule which caches everything in uploads, but honestly you’re going to be much better off using a real CDN.