After upgrading from Zammad 3.2 to 3.3 on a Centos7 server, I am unable to pass the loading screen. If I disable the CloudFlare front DNS for the helpdesk, it works correctly. When using CloudFlare I now receive the below error.
Refused to load the script 'https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-SJQEPIlDbjGk/xoX2SFgCg=='". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Is this due to the new security changes in Zammad 3.3?