I’ve setup Cloudflare Origin Certificate on my Synology NAS, confirmed in Chrome by accessing the IP directly. When turning on Cloudflare proxy (orange cloud) the DSM page is blank:
Refused to load the script ‘https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’ data: blob: https://.synology.com https://www.synology.cn/ https://.google.com https://*.googleapis.com”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.
Any idea how to add the sources or remove Cloudflare injected scripts?