Today, I converted a bunch of physical tokens I bought into PNG copies for use in my Roll20 game. However, I'm running into at least one that I cannot place, though I can find it with the token search tab. Steps to Reproduce: I click Join Game for my Pathfinder: Hell's Rebels game. The game loads. Switch to token tab, search for "cleric". I try to drag and drop the blue- and gold-robed cleric with the scimitar in the screenshot onto the map. In the console log below, this causes the first 5 entries after the big block of 8 mixed content warnings. The token does not appear. I try dragging a different token onto the map. It works fine. I've tried this a couple times with both FF 45.0.2 and Chrome "49.0.2623.112 m" on Windows 10. In the log below, I bolded the entries that appeared when I attempted dropping the misbehaving token. It's always this specific token that refuses to load, though I have not tried too many others today. Chrome Console Log (beginning from when I clicked Join Game): Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> https://*.googlesyndication.com https://*.firebaseio.com https://*.googlesyndication.com https://*.opentok.com https://*.googlesyndication.com <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-KWomuGpXxpFwEr9NSHAt0cHx2RcslOsT5+DUn7HzjF8='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> https://*.googlesyndication.com https://*.firebaseio.com https://*.googlesyndication.com https://*.opentok.com https://*.googlesyndication.com <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-9O/nlhXlUbG6gOSltvclpYVhoNE2r9KbWJO6e/X7l1E='), or a nonce ('nonce-...') is required to enable inline execution. app.js?1460650705:29 70 app.js?1460650705:30 TOUCH SUPPORTED: false app.js?1460650705:30 USING WEBGL ACCELERATION... app.js?1460650705:30 WEBGL STARTUP SUCCESS app.js?1460650705:25 select app.js?1460650705:25 Switch mode to select app.js?1460650705:40 Initializing new dice engine with randomness... app.js?1460650705:40 Using random entropy app.js?1460650705:44 Compiling sheet... app.js?1460650705:44 Found rolltemplate: pf_spell app.js?1460650705:44 Found rolltemplate: pf_attack app.js?1460650705:44 Found rolltemplate: pf_defense app.js?1460650705:44 Found rolltemplate: pf_generic app.js?1460650705:44 Found rolltemplate: pf_block app.js?1460650705:44 Found webworker script jquery.1.8.2.min.js:2 The specified value "Medium" is not a valid number. The value must match to the following regular expression: -?(\d+|\d+\.\d+|\.\d+)([eE][-+]?\d+)? app.js?1460650705:44 Finding sheet rolls... app.js?1460650705:45 window resize app.js?1460650705:30 Final set zoom! app.js?1460650705:30 UPDATE GL SIZE! app.js?1460650705:30 Final set zoom! tutorial_tips.js:7 tuts loaded app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://imgsrv.roll20.net/?src=paizo.com/image/content/Logos/PathfinderRPGLogo_500.jpeg" rel="nofollow">http://imgsrv.roll20.net/?src=paizo.com/image/content/Logos/PathfinderRPGLogo_500.jpeg</a>'. This content should also be served over HTTPS. app.js?1460650705:36 Final page load. app.js?1460650705:45 Refresh jukebox List! sheetsandboxworker.js?20150218:212Starting up WEB WORKER VM41:621 •.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸ The Aaron Sheet v0.2.4 ¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.• VM41:622 •.¸¸.•*´¨`*•.¸¸.•*´¨`*•.¸ Last update: Fri Mar 04 2016 08:28:11 GMT-0500 (Eastern Standard Time) ¸.•*´¨`*•.¸¸.•*´¨`*•.¸¸.• app.js?1460650705:35 Auth'ed. app.js?1460650705:35 Go post auth! app.js?1460650705:36 Scan for new plays! app.js?1460650705:35 initial setup app.js?1460650705:34 r {attributes: Object, _escapedAttributes: Object, cid: "c0", changed: Object, _silent: Object…} app.js?1460650705:35 Got players value... app.js?1460650705:36 joining game... 3app.js?1460650705:33 Full load page! app.js?1460650705:35 We have 3 pages app.js?1460650705:34 Player -KCh81WxZgj85se2PDm1 is offline... app.js?1460650705:14 THREE.WebGLRenderer 69 app.js?1460650705:34 Global Volume: 100=1 app.js?1460650705:34 Player -KCrKdlsDGrchq2NzlCI is offline... app.js?1460650705:34 Player -KCrKeXh9R1vqHHxuwgn is offline... app.js?1460650705:34 Player -KCrLIEwiNu58535krC- is offline... app.js?1460650705:34 Player -KCrLeqb6QXuyUXC11eC is offline... app.js?1460650705:36 Deferred finish joining... app.js?1460650705:29 Firebase Online app.js?1460650705:39 refershing page listings! app.js?1460650705:35 handle page changes app.js?1460650705:35 false app.js?1460650705:43 Refresh Journal List! app.js?1460650705:43 Search took 12ms app.js?1460650705:39 refershing page listings! app.js?1460650705:36 Scan for new plays! app.js?1460650705:32 Do refresh link cache! max.png:1 GET <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... 403 (Forbidden) app.js?1460650705:43 Refresh Journal List! app.js?1460650705:43 Search took 15ms app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1718" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1718</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1718" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1718</a>... app.js?1460650705:36 init active page! app.js?1460650705:33 activate page! app.js?1460650705:33 FULLY ACTIVATE VIEWS FOR PAGE. 8app.js?1460650705:29 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... app.js?1460650705:43 initiatlizing video chat app.js?1460650705:43 Connecting to WebRTC app.js?1460650705:45 Refresh jukebox List! app.js?1460650705:33 Graphics: 21 app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... to <a href="https://s3.amazonaws.com/files.d20.io/marketplace" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1718" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1718</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1718" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1718</a>... app.js?1460650705:33 Paths: 11 18app.js?1460650705:32 setting src app.js?1460650705:33 Reorder by ZORDER app.js?1460650705:33 Reorder by ZORDER app.js?1460650705:39 refershing page listings! max.png:1 GET <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... 403 (Forbidden) app.js?1460650705:43 Connected to session app.js?1460650705:43 Someone just connected. app.js?1460650705:43 It's us? app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t3.gstatic.com/images?q=tbn:ANd9GcR0nIYaMX-Amr8DqNg19GdQRz9ZpEKmK24ljvF16n_OYZrDTOotIpHSmkfT" rel="nofollow">http://t3.gstatic.com/images?q=tbn:ANd9GcR0nIYaMX-Amr8DqNg19GdQRz9ZpEKmK24ljvF16n_OYZrDTOotIpHSmkfT</a>'. This content should also be served over HTTPS. app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t3.gstatic.com/images?q=tbn:ANd9GcQA28mGR33bp15MQ969iETwv7Lpt71krTbQNVcOsIhjN-btHRmWjYMz1Nc" rel="nofollow">http://t3.gstatic.com/images?q=tbn:ANd9GcQA28mGR33bp15MQ969iETwv7Lpt71krTbQNVcOsIhjN-btHRmWjYMz1Nc</a>'. This content should also be served over HTTPS. app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t1.gstatic.com/images?q=tbn:ANd9GcRidOrFIGOzwbp-riahwLKZ8fbqWMO_gHnwY0Y5KpoSRGfFad5nbqyH7-A3" rel="nofollow">http://t1.gstatic.com/images?q=tbn:ANd9GcRidOrFIGOzwbp-riahwLKZ8fbqWMO_gHnwY0Y5KpoSRGfFad5nbqyH7-A3</a>'. This content should also be served over HTTPS. app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t3.gstatic.com/images?q=tbn:ANd9GcRqAFuB-NrC-AFii8rG9JC0cNRwWi4ONlMqYOINVdd1GlfLWy2Hzz1SdnmO" rel="nofollow">http://t3.gstatic.com/images?q=tbn:ANd9GcRqAFuB-NrC-AFii8rG9JC0cNRwWi4ONlMqYOINVdd1GlfLWy2Hzz1SdnmO</a>'. This content should also be served over HTTPS. app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t0.gstatic.com/images?q=tbn:ANd9GcSkA9itqvwnZpJRgmBeuT6ucXroYxFU-WYY-GMYNNhm2kX59_3JDzOcyBQ" rel="nofollow">http://t0.gstatic.com/images?q=tbn:ANd9GcSkA9itqvwnZpJRgmBeuT6ucXroYxFU-WYY-GMYNNhm2kX59_3JDzOcyBQ</a>'. This content should also be served over HTTPS. app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t2.gstatic.com/images?q=tbn:ANd9GcRolCcQpmopokRs4p2HpyMXkuEIbAyRwrCYonxygY8C2sQQLHycY9Xr3Kw" rel="nofollow">http://t2.gstatic.com/images?q=tbn:ANd9GcRolCcQpmopokRs4p2HpyMXkuEIbAyRwrCYonxygY8C2sQQLHycY9Xr3Kw</a>'. This content should also be served over HTTPS. app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t0.gstatic.com/images?q=tbn:ANd9GcQweGtTk2GS0FNY0-bik3S_Bs2Gz8BsR6ApOk1V2fQwIJbczlcHb6-I5z4G" rel="nofollow">http://t0.gstatic.com/images?q=tbn:ANd9GcQweGtTk2GS0FNY0-bik3S_Bs2Gz8BsR6ApOk1V2fQwIJbczlcHb6-I5z4G</a>'. This content should also be served over HTTPS. app.roll20.net/:1 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://t0.gstatic.com/images?q=tbn:ANd9GcQebf38wtDp1BAflSwepoRYXRfc4djIRAourlHLXGA2RZ_bFo1IBTZBFUI" rel="nofollow">http://t0.gstatic.com/images?q=tbn:ANd9GcQebf38wtDp1BAflSwepoRYXRfc4djIRAourlHLXGA2RZ_bFo1IBTZBFUI</a>'. This content should also be served over HTTPS. app.js?1460650705:45 Body drop! app.js?1460650705:44 drop on upper canvas max.png:1 GET <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... 403 (Forbidden) app.js?1460650705:29 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... max.png:1 GET <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... 403 (Forbidden) app.js?1460650705:45 Body drop! app.js?1460650705:44 drop on upper canvas app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... app.js?1460650705:30 Do width/height snapping app.js?1460650705:30 Do angle snapping! app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... app.js?1460650705:32 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1824" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1824</a>... app.js?1460650705:33 Reorder by ZORDER 3app.js?1460650705:32 setting src