CSP is blocking Cloudflare even though I rewrote the CSP header
I'm running a software called Mattermost, and whenever I proxy it through Cloudflare, I receive this error when trying to connect.
So, I used a Transform Rule to remove the CSP header. It appears to have worked, I can't see it in Firefox's inspector, but the error still appears in the console. Why might this be?
5 Replies
This may help https://stackoverflow.com/questions/37298608/content-security-policy-the-pages-settings-blocked-the-loading-of-a-resource
Stack Overflow
Content Security Policy: The page's settings blocked the loading of...
I am using CAPTCHA on page load, but it is blocking because of some security reason.
I am facing this problem:
Content Security Policy: The page's settings blocked the loading
of a resourc...
It's a header on your site that gets read by the browser. Removing it in Cloudflare's rules prevents it from being transmitted to the browser as part of the proxy response, but the code still exists on the page itself. I suspect that's what's throwing the errors in browser console.
Ah, yes
I found that the issue was caused by Rocket Loader so I just disabled that using a Configuration rule
Marvellous things, those.
you used a config rule to disable Rocket Loader? Sitewide or just one page?
If you want it disabled sitewide, there's a master switch for it in Speed configuration.
A single subdomain of one zone