Make sure your forum url in
config.php file is defined with
https:// protocol, and that you have HTTP redirects in place to make sure all visitors use the correct URL from their browsers.
Did you write the content security policy yourself? This is not a native Flarum feature. Flarum can work on HTTP natively if no CSP is used, but this is strongly discouraged for production.