Make sure your forum url in config.php
file is defined with https://
protocol, and that you have HTTP redirects in place to make sure all visitors use the correct URL from their browsers.
Did you write the content security policy yourself? This is not a native Flarum feature. Flarum can work on HTTP natively if no CSP is used, but this is strongly discouraged for production.