Jump to content
  • 0

I appear to be missing some package/library prerequisite but not sure what, exactly. (See screenshot of admin area) Is this Cloudflare related?


IncogHost

Question

Per the documentation:

 

Quote

 

Cloudflare

Widgets do not appear in the client or admin areas, CSS or Javascript does not appear to load or Blesta doesn't look right.

Disable Rocket Loader and Auto Minify within Cloudflare. We would recommend not using Cloudflare for Blesta at all if possible.

 

 

Neither Auto Minify or Rocket Loader were/are enabled. I cleared CF cache for good measure as well. Is what I'm seeing still related to Cloudflare? Just curious since my site uses CF for SSL Certs, but I can swap those for Let's Encrypt or similar instead of relying on Cloudflare for them if I need to.

Screenshot_2021-01-14_05-07-09.png

Link to post
Share on other sites

5 answers to this question

Recommended Posts

  • 1

If you disable cloudflare so that they just direct traffic to the server's IP, does it resolve the issue?

Is this a fresh installation? If it's a fresh install, there could be missing files or the installation may not have completed correctly. Your browsers inspector may give a better indication if any files (like CSS and Javascript files) are missing and returning a 404 error.

Link to post
Share on other sites
  • 0
26 minutes ago, Paul said:

If you disable cloudflare so that they just direct traffic to the server's IP, does it resolve the issue?

Is this a fresh installation? If it's a fresh install, there could be missing files or the installation may not have completed correctly. Your browsers inspector may give a better indication if any files (like CSS and Javascript files) are missing and returning a 404 error.

Ah, and there it is.  Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).

Some cookies are misusing the recommended “SameSite“ attribute 2
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”). onloadwff.js:71:790746
Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. jquery-1.8.3.min.js:2:91186
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”). admin:287:1
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”). admin:409:1

Was about half awake when messing with this fresh install, and hadn't occurred to me that I'm running a pretty strict set of security headers.  Nginx's content security headers are set to 'self', so it's not going to load 3rd party elements/scripts, nor do I want it to.

That probably gave me enough details to sort this out. I don't believe that it's related to Cloudflare, but we're just temporarily using them to host DNS / get the site up.

 

 

Link to post
Share on other sites
  • 0
17 minutes ago, IncogHost said:

Was about half awake when messing with this fresh install, and hadn't occurred to me that I'm running a pretty strict set of security headers.  Nginx's content security headers are set to 'self', so it's not going to load 3rd party elements/scripts, nor do I want it to.

That probably gave me enough details to sort this out. I don't believe that it's related to Cloudflare, but we're just temporarily using them to host DNS / get the site up.

All of the resources should be loaded locally and not via an external URL. Or, does a Content-Security-Policy of "self" mean that you cannot load resources from a subdomain even if the application is on the same subdomain? Maybe the policy needs to be modified to include the subdomain.

Link to post
Share on other sites
  • 0
1 hour ago, Paul said:

All of the resources should be loaded locally and not via an external URL. Or, does a Content-Security-Policy of "self" mean that you cannot load resources from a subdomain even if the application is on the same subdomain? Maybe the policy needs to be modified to include the subdomain.

Good call, it's been amended properly however the issue persists. There should be no caching at the Cloudflare level.

Without having to transfer DNS elsewhere just to test, is there anything else you can think of?

Temporarily I've disabled the https redirect in my nginx .conf for this domain, and with Cloudflare. I passed traffic straight to the sub-domain, no CF, purged cache. Still no widgets in the admin area. See below:

Screenshot at 2021-01-14 17-27-38.png

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...