Proxy violates Synology DSM CSP

I’ve setup Cloudflare Origin Certificate on my Synology NAS, confirmed in Chrome by accessing the IP directly. When turning on Cloudflare proxy (orange cloud) the DSM page is blank:

Refused to load the script ‘https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’ data: blob: https://.synology.com https://www.synology.cn/ https://.google.com https://*.googleapis.com”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

Any idea how to add the sources or remove Cloudflare injected scripts?

That’s the Rocket Loader feature from the Speed → Optimization section of dash.cloudflare.com

1 Like

Thanks for quick reply! Really turning Rocket off allows me to access NAS web page.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.