Getting Content Security Policy error (CSP) for discourse integration

Hello Ghost community,

I have a ghost instance running on
And a discourse instance running on

But I still get a CSP error like the following when I embed the discourse script in the post.hbs.

Here is the full error from the browser:

Here is the page ghost post page:

Here is the embed script:

<script type="text/javascript">
    DiscourseEmbed = {
        discourseUrl: '',
        discourseEmbedUrl: '{{url absolute="true"}}'
    (function () {
        var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
        d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);

And for the embed configuration I set the followings:
Allowed Hosts:
Class Name: news
Path Whitelist: /*
Post to Category: News

Any feedback would be greatly appreciated.

Thank you

Hey there!

CSP errors for paths that start with /cdn-cgi are usually caused by cloudflare. Can you take a look and make sure your cloudflare apps aren’t loading any scripts? :slight_smile:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.