Getting Content Security Policy error (CSP) for discourse integration

#1

Hello Ghost community,

I have a ghost instance running on www.freecodecamp.rocks/news/
And a discourse instance running on www.freecodecamp.rocks/forum/

But I still get a CSP error like the following when I embed the discourse script in the post.hbs.

Here is the full error from the browser:

Here is the page ghost post page:

Here is the embed script:

<script type="text/javascript">
    DiscourseEmbed = {
        discourseUrl: 'http://www.freecodecamp.rocks/forum/',
        discourseEmbedUrl: '{{url absolute="true"}}'
    };
    (function () {
        var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
        d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
    })();
</script>

And for the embed configuration I set the followings:
Allowed Hosts: www.freecodecamp.rocks
Class Name: news
Path Whitelist: /*
Post to Category: News

Any feedback would be greatly appreciated.

Thank you

#2

Hey there!

CSP errors for paths that start with /cdn-cgi are usually caused by cloudflare. Can you take a look and make sure your cloudflare apps aren’t loading any scripts? :slight_smile: