I'm running a wiki on DreamHost and I enabled mod_security as described here. Apparently, this blocks a request done by Flow and prevents it from running properly. The blocked request is:
https://wikiar.org/load.php?debug=false&lang=es&modules=ext.flow.visualEditor%7Cext.flow.visualEditor.icons%7Cext.visualEditor.core&skin=poncho&version=0x50c35
I have disabled mod_security now so the error will not show up. However, when checking the error.log it appears that the troublesome bit is "0x50c35" which mod_security interprets as "SQL Hex Encoding"
[Sat Aug 03 07:04:27 2019] [error] [client 186.139.106.164] ModSecurity: Access denied with code 418 (phase 1). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:version. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "329"] [id "1990091"] [msg "SQL Hex Encoding Identified"] [hostname "wikiar.org"] [uri "/load.php"] [unique_id "XUWUa0BvdNoAAHiXNVMAAAAB"]
This may be a DreamHost specific issue, but more likely it's a more general issue with mod_security.