this topic is related to this one. The solution proposed there (bypassing the cache) does not work for me.
My issue was caused by the Rocket Loader (JavaScript loading optimization). Cloudflare states to use the Rocket Loader one has to add the following CSP rule script-src 'self' ajax.cloudflare.com;, but unfortunately that was not enough for me. The Rocket Loader seems to be loaded and executed but the scripts it tries to download are refused.
I have completely disabled the Rocket Loader for my checkout page (Rules > Configuration Rules), and the checkout started to work again (without bypassing the cache).
However, I would be interested to know how to get the Rocket Loader to work on the checkout page. For example, are there any other CSP rules that need to be applied?
A) My solution on checkout page was to create two rules - 1) not to cache /checkout/ 2) not to cache /require/
B) We have disabled Rocket Loader, because we had issues with: “this page has expired”, when you click add to cart. Don’t you get this issue?
A) I just tried this, but as long as we have the Rocket Loader enabled, we get the same errors.
B) Adding products to the cart works with Rocket Loader enabled.
I’ve been leveraging this module Magento 2 CSP Whitelist to allowlist third-party domains and subdomains effectively. This has also helped me resolving issues related with Cloudflare and especially rocket loader on Magento 2 version 2.4.7. There is a wonderful configuration where can manage and allowlist domain URL from Magento admin panel itself. Hope this helps