Constant security checks on discourse ajax requests



we run a small discourse forum with cloudflare.
Whenever people post Code (PHP, HTML, JS), but also regular “text only” posts, Cloudflare intercepts requests and serves the 403-captcha-security-check page, but since discourse works mainly with ajax request handled in background, the visitors never see this secutiry checks, therefore they can not complete captcha and publish their posts.

Since you also use discourse for your community, may i ask you if you did some special configuration to make discourse run?

(we have a vps with discourse docker container without additional nginx proxy)



Until you get an official reply, what’s your Security Level set to in your Cloudflare Firewall page? You could try lowering it to see if that helps.