If you look in the developer tools the issue is that the requests are to HTTP endpoints (which is really bad, especially for passwords!). Change those to HTTPS and it should work fine.
I would make sure, especially since you are handling passwords, to have a valid certificate at the origin setting the SSL Crypto setting in the Cloudflare dashboard to Full (Strict).
If this is specific to the browser and I make a change in google developer tools, anybody else that wants to log in will still not be able to login from their end.
I figured this would be changed in hosting or with Cloudflare.
It is changed in hosting (there is an option to do it Cloudflare’s side, but it’s cumbersome, unnecessary and mostly just not recommended if it’s possible to avoid), the developer’s tools are accessed in different ways depending on browser (and often even OS) and show issues (and a ton of other things). You can’t change anything website related from there.