Zammad 3.3 with CloudFlare error

After upgrading from Zammad 3.2 to 3.3 on a Centos7 server, I am unable to pass the loading screen. If I disable the CloudFlare front DNS for the helpdesk, it works correctly. When using CloudFlare I now receive the below error.

Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-SJQEPIlDbjGk/xoX2SFgCg=='". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Is this due to the new security changes in Zammad 3.3?

An update,

I had to set a CloudFlare Page Rule to disable the rocket-loader when servicing the helpdesk.

1 Like

Just for reference the following file is responsible for this content security.
Changing it is not update safe but helps solving your issue if you want to use that js.

Note that setting headers in your webservers configuration is being ignored / overwritten and thus does not help.

1 Like

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.