Enabling Rocket Loader on Cloudflare Interfered with the Nextcloud web login page

post-thumb

Photo by Pixabay from Pexels

Table of Contents

When setting up Cloudflare for this website, I decided to try it out on some sites that I had setup on my home network. In particular, my Nextcloud web portal. All was going well until I began enabling various optimization features that are available in the free Cloudflare account.

I noticed when accessing the Nextcloud web page from my work computer that it would not allow me to log in. The login button was visible but disabled. I had thought a recent upgrade caused the issue since I believe I had recently performed one. Thus began some Google searching…

A Nextcloud forum post had users describing different ways to solve the same problem. There was a comment near the bottom that said something about the Content Security Policy (CSP) of their browser was preventing certain assets from being loaded. So I checked the web console in Firefox and sure enough, I saw that some content was being blocked by the CSP. (Note that I made a comment on that same forum post to validate the comment about the CSP and to give more details about my specific scenario so it could potentially help others)

What exactly was being blocked? It was the JavaScript assets being used by Cloudflare’s Rocket Loader feature. I tried turning off that feature, and I could log back in again! It is possible this issue is due to how my organization is blocking/filtering content for security purposes so you may or may not encounter such a problem. However, it is good to keep in mind in case you are trying to access your own sites remotely or if you are hosting other public websites. You do not want to cause any unnecessary access issues to your website.

Sometimes it may not be worth having your site load 1-2 seconds faster if it can have such undesired consequences. If your audience is not in a more restricted environment, you should not have to worry as much about enabling nice optimizations that Cloudflare has to offer.

comments powered by Disqus