How come this happen, and how to fix this (I already upgraded to lastest version of Discourse, and this still happen even when I switch to default theme)? Could someone help, thank you!
Have You tried to see the network requests? This can be due to CSP
I am not sure how to check it, could you please help me more about this? I am not really familiar with Discourse honestly.
When I check the source page, it show warning
Refused to load the script ‘https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js’ because it violates the following Content Security Policy directive: "script-src ‘report-sample’
My site use CDN Cloudflare, but this error never happen before. Is this because new version of Discourse? And should I temporary disable Rocket Loader in Clouldflare?
Disable cloudflare and your problem will be solved.
Does it work in Firefox?
Create a page rule to “disable performance” for your discourse install.
Rocket loader isn’t supported.
I disable Rocket Loader and seem it work, but now I continue get warning with CSP:
Refused to load the script ‘https://platform.twitter.com/widgets.js’ because it violates the following Content Security Policy directive: "script-src ‘report-sample’
Is there anyway to pass these CSP warning without remove my Twitter plugin?
Which Twitter plugin?
It just Twitter embled follow this guide: Set up Twitter for Websites — Twitter Developers
I added the source code to body tempate:
what’s wrong with the native Twitter embeds?
If you set up Twitter login then discourse handles Twitter embedding automatically.