I simply cannot get it to work!
I followed the guides: Defined Access policies to a subdomain and enabled browser-based rendering, set up a tunnel, made cloudflared config policies on the origin, setup CNAME DNS record to the DNS records page, and ran the tunnel and the tunnel is running successfully. I’ve also verified if the routing works by running
cloudflared tunnel ingress rule https://foo.mysite.com command and the expected rule is being matched.
While the tunnel is running from a console, I hit the configured subdomain and was presented with a blank screen. It appears that the server is sending CSP headers that are non-compatible with the browser-based SSH setup. As this is a CNAME pointing directly to (tunnel).cfargotunnel.com, these are not set by my origin.
Further, having rocket loader enabled completely results in a blank page, with the following error logged on the console:
No other client-side browser extensions (eg: adblock) are interfering with any elements.
So I went ahead and disabled Rocket loader, and now the page rendered, but with the following error:
Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-1QGch0/bwo+wwI5GJmPTC/dkHvK8JJsBW8NMtVlLIIc=’), or a nonce (‘nonce-…’) is required to enable inline execution.
on line 15 of the client-rendered SSH code.
I’m not defining or overriding the headers/response sent, say, via workers.
There are no errors logged in the tunnel console, such as when there’s a misconfiguration, with a Ray-ID. I’ve fully followed the official guides (mentioned in the initial post).
After disabling the rocket loader, I’m getting an error that something went wrong and the engineers are notified (as opposed to a blank page, earlier)
What could be the possible issue here? CSP? as it is sill blocking some resources from being loaded…