why is your mixer using cloudflare's ssl? Do you realise cloudflare will be able to decrypt all data between your customers and yourself? I'd encourage you to buy your own SSL certificates and move away from cloudflare asap if you want to be taken seriously.
Even letsencrypt certificates would be a hell of a lot better than cloudflare's on such a privacy-centric service (don't get me wrong: cloudflare is great if you're not a service that would require absolute privacy... I've been using cloudflare on my sites for a long time, but then again: i don't even allow useraccounts to be created on my sites...)
Thank you for pointing this bug out. This is a very acute thing. We will definitely resolve the issue and will replace ssl certificates to eliminate this weak point of using cloudflares ssl.