Insufficient Content Security Settings

Hello! I run my Mattermost instance behind Cloudflare and route the subdomain that I use my Mattermost instance on through Cloudflare with the rest of my domains. I began to use the Cloudflare Rocket Loader feature recently. For those who don’t know what Rocket Loader is, it is, according to Cloudflare:
Rocket Loader prioritizes your website's content (text, images, fonts etc) by deferring the loading of all of your JavaScript until after rendering. On pages with JavaScript, this results in a much faster loading experience for your users and improves the following performance metrics: Time to First Paint (TTFP)
On all my other domains, this worked just fine. However, it turns out that it breaks the Mattermost installation from ever getting to the login page, as seen in the screenshot below, due to the content policy not having the right permissions in the root.html file.


For now, I have just disabled Rocket Loader on my web platform site-wide, but in the future it would be nice if certain libraries that are commonly used, such as the Cloudflare libraries, could be included or allowed in the content security.
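
An added example, not part of the original post and not Mattermost's or Cloudflare's code: a simplified check of whether a Content-Security-Policy lets a page load a given script, which is the condition that blocks Rocket Loader in the report above. The two policies, the page origin and the script path are constructed for illustration, and `ajax.cloudflare.com` as the Rocket Loader script host is an assumption; nonces, hashes, paths and ports are not modelled.

```javascript
// Simplified CSP script check (added example). Handles 'self', '*',
// scheme-sources and host-sources with an optional scheme and "*." wildcard.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return url.protocol === 'https:' || url.protocol === 'http:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  // "*.example.com" matches subdomains only, never example.com itself.
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host; // quoted keywords such as 'unsafe-inline' never match
}

function scriptAllowed(policy, scriptUrl, pageOrigin) {
  const d = parseCsp(policy);
  // Fallback chain the browser uses for <script src=...> elements.
  const sources = d.get('script-src-elem') || d.get('script-src') || d.get('default-src');
  if (!sources) return true; // no governing directive: scripts are unrestricted
  const url = new URL(scriptUrl);
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Constructed sample values, not taken from Mattermost's root.html.
const PAGE = 'https://chat.example.com';
const ROCKET = 'https://ajax.cloudflare.com/constructed/path/rocket-loader.min.js';
const STRICT = "default-src 'none'; script-src 'self'; style-src 'self'";
const RELAXED = "default-src 'none'; script-src 'self' https://ajax.cloudflare.com";

console.log('strict policy allows Rocket Loader: ', scriptAllowed(STRICT, ROCKET, PAGE));
console.log('relaxed policy allows Rocket Loader:', scriptAllowed(RELAXED, ROCKET, PAGE));
```

Allowing a host in `script-src` permits every script served from that host, so the relaxed policy widens what the page trusts rather than admitting Rocket Loader alone.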