Tokens not loading, bars distorted on Chrome (works in Firefox)

My tokens and bars seem quite distorted on chrome. Chrome vs Firefox: You'll notice many of the ballista are missing - a player (Magnus) is missing. The healthbars are all distorted. I see several images blocked in the console. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> https://*.googlesyndication.com https://*.firebaseio.com https://*.googlesyndication.com https://*.opentok.com https://*.googlesyndication.com <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-4eN4tw6J9sccojnVBJxI6lPJOMpHnRSrZ-mWJg4Wwow='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> https://*.googlesyndication.com https://*.firebaseio.com https://*.googlesyndication.com https://*.opentok.com https://*.googlesyndication.com <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-N4rT-GhE0K4LJ4zTB64Bkmk5xSsA8M7MPSk1qY82nAQ='), or a nonce ('nonce-...') is required to enable inline execution. Failed to load resource: the server responded with a status of 403 (Forbidden) <a href="https://s3.amazonaws.com/files.d20.io/images/7600" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/7600</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) <a href="https://s3.amazonaws.com/files.d20.io/images/7600" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/7600</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) <a href="https://s3.amazonaws.com/files.d20.io/images/7600" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/7600</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) Failed to load resource: the server responded with a status of 403 (Forbidden) <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) 3app.js?1437884211:28 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) 2app.js?1437884211:28 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... 2app.js?1437884211:28 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) app.js?1437884211:36 Updating character sheet values <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) 4app.js?1437884211:36 Updating character sheet values <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden) Image from origin '<a href="https://s3.amazonaws.com" rel="nofollow">https://s3.amazonaws.com</a>' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '<a href="https://app.roll20.net" rel="nofollow">https://app.roll20.net</a>' is therefore not allowed access. Any ideas what may be causing this? It just started this week. It also happens on my other campaign that is using no API scripts.

Lets start with the basics.&nbsp;Can you please follow Steps 1-3 of our Solving Technical Issues wiki page, taking special care to temporarily disable all browser add-ons and extensions, temporarily pause your anti-virus, and try switching browsers (for Chrome/Firefox specific issues) to see if one of those components is causing the problem. If all of that fails, please follow Step 4 , including providing all of the necessary information, so that we can further assist you. You already provided step 4 results and it shows your CORS (Cross-Origin Resource Sharing) being blocked so what has changed since it last function properly. Did you update your browser, antivirus (some antiviruses are getting very aggressive and are blocking services that were normally used), add any extensions (which you should disable if you do the steps), or anything else to the computer or browser? Asking this just to eliminate specific things.

Chrome version 45.0.2454.15 beta-m (64-bit). No idea if that is different from last week. No antivirus besides windows defender. I've cleared Cache. Loaded in Incognito mode Disabled all extensions Nothing has changed. The page loads with normal bars, but then they distort. No CORS errors on my test campaign - all the images load fine, but the bars still break. For reference it also happens on my computer at work. So I do not believe this to be dependent on my computer.

This is going to have to wait till a dev gets time to review the forums (they are at GENCON right now) as I reached the limits of my skills. Sorry for the wait.

I'll ping my players to see if they experience the same. I did on my work computer as well. If they do I'll ping Aaron to see if he has any ideas.

Aaron is at GENCON also.

Phooey. I have reverted to chrome version 44.0.2403.125 m (32 bit) and the issue has gone away. I expect others will have the same issue when they use 45. I'm sure the devs will look at it when they're back. Thanks!

Mark, we'll keep an eye out for the issue. Often times things like this are browser version bugs that get resolved before they roll it out as stable.