I boostrapped discourse using my custom app.yml which uses the cloudflare template like so:
templates:
- "templates/postgres.template.yml"
- "templates/redis.template.yml"
- "templates/web.template.yml"
- "templates/web.ratelimited.template.yml"
- "templates/web.socketed.template.yml"
- "templates/sshd.template.yml"
- "templates/cloudflare.template.yml"
Then I bootstrapped the image like so:
./launcher bootstrap app &&\
./launcher start app
I then register my account, and try clicking on the activation link on my discourse page, and NOTHING happens. Looking at dev tools, I see this error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'report-sample' http://myfancydomain.com/logs/ http://myfancydomain.com/sidekiq/ http://myfancydomain.com/mini-profiler-resources/ http://myfancydomain.com/assets/ http://myfancydomain.com/brotli_asset/ http://myfancydomain.com/extra-locales/ http://myfancydomain.com/highlight-js/ http://myfancydomain.com/javascripts/ http://myfancydomain.com/plugins/ http://myfancydomain.com/theme-javascripts/ http://myfancydomain.com/svg-sprite/". Either the 'unsafe-inline' keyword, a hash ('sha256-T1n9N/v2ZUyCGncqaO0MgcESijK4iDg9nXYaamEO+bY='), or a nonce ('nonce-...') is required to enable inline execution.
I have NO clue what this error means - any clues as to how to solve it would be great.
You've included the cloudflare template which probably means you're using it for SSL.
But your CSP has all http schemes instead of https. If you access via https but the CSP says http, that's a mismatch.
You need to tell Discourse that it's behind https if that's the case. Try:
SiteSetting.force_https = true
at the rails console.