Here's a log from dragging an image onto the map from my desktop: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> https://*.googlesyndication.com <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.googlesyndication.com https://*.tokbox.com https://*.googlesyndication.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> https://*.googlesyndication.com <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> https://*.googlesyndication.com <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-d05siSByoBI835s/uB6lQGiIEJcA8f+t7V4m61ge/1w='), or a nonce ('nonce-...') is required to enable inline execution.
app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> https://*.googlesyndication.com <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.googlesyndication.com https://*.tokbox.com https://*.googlesyndication.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> https://*.googlesyndication.com <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> https://*.googlesyndication.com <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-npngRtQYomQz2/PGlo3OMaFWOvAvrm65p+WFyZPCRuo='), or a nonce ('nonce-...') is required to enable inline execution.
app.roll20.net/:1 Refused to load the script 'data:application/javascript;base64,KGZ1bmN0aW9uKCkgewoJLy8gaHR0cHM6Ly9kZXZl…07Cgl9OwoJZ2EucmVtb3ZlID0gbm9vcGZuOwoJd2luZG93W2dhTmFtZV0gPSBnYTsKfSkoKTs=' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> https://*.googlesyndication.com <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.googlesyndication.com https://*.tokbox.com https://*.googlesyndication.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> https://*.googlesyndication.com <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> https://*.googlesyndication.com <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>".
app.js:31 70
app.js:31 TOUCH SUPPORTED: false
app.js:31 USING WEBGL ACCELERATION...
app.js:31 WEBGL STARTUP SUCCESS
app.js:26 select
app.js:26 Switch mode to select
app.js:42 Initializing new dice engine with randomness...
app.js:42 Using random entropy
app.js:47 window resize
app.js:32 Final set zoom!
app.js:31 UPDATE GL SIZE!
app.js:32 Final set zoom!
tutorial_tips.js:7 tuts loaded
app.js:38 Final page load.
app.js:48 Refresh jukebox List!
app.js:37 Auth'ed.
app.js:37 Go post auth!
app.js:37 initial setup
app.js:35 T.r
app.js:37 Got players value...
app.js:37 joining game...
app.js:35 Full load page!
app.js:37 We have 1 pages
app.js:35 Player -KeEV0-sjrCLf_qrLcSX is offline...
app.js:36 Global Volume: 100=1
app.js:37 Deferred finish joining...
app.js:31 Firebase Online
app.js:44 Loading Roll20 Chat Event Handlers
app.js:37 handle page changes
app.js:37 false
app.js:40 refershing page listings!
app.js:37 init active page!
app.js:35 activate page!
app.js:35 FULLY ACTIVATE VIEWS FOR PAGE.
app.js:35 Graphics: 0
app.js:35 Paths: 0
app.js:35 Reorder by ZORDER
app.js:38 Scan for new plays!
app.js:40 refershing page listings!
app.js:48 Refresh jukebox List!
app.js?1487867489:40 DROP ON FILE UPLOAD
app.js?1487867489:40 half orc barbarian.png
app.js?1487867489:40 36378684
app.js?1487867489:40 Uploading a size: 100x100
app.js?1487867489:40 Reader load!
app.js?1487867489:40 img load!
app.js?1487867489:40 280
app.js?1487867489:40 0
app.js?1487867489:40 Uploading a size: 200x200
app.js?1487867489:40 Reader load!
app.js?1487867489:40 img load!
app.js?1487867489:40 280
app.js?1487867489:40 20
app.js?1487867489:40 Uploading a size: 512x512
app.js?1487867489:40 Reader load!
app.js?1487867489:40 img load!
app.js?1487867489:40 280
app.js?1487867489:40 40
app.js?1487867489:40 Uploading a size: 2048x2048
app.js?1487867489:40 Reader load!
app.js?1487867489:40 img load!
app.js?1487867489:40 280
app.js?1487867489:40 60
app.js?1487867489:40 Uploading a size: 10000x10000
app.js?1487867489:40 Reader load!
app.js?1487867489:40 img load!
app.js?1487867489:40 280
app.js?1487867489:40 80
app.js?1487867489:40 Object {multiUploadNum: 0, multiUploadTotal: 1, size: 141660, width: 280, height: 280…}
app.js?1487867489:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/2957" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2957</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/2957" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2957</a>...
app.js?1487867489:32 Do width/height snapping
app.js?1487867489:32 Do angle snapping!
app.js?1487867489:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/2957" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2957</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/2957" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2957</a>...
app.js?1487867489:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/2957" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2957</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/2957" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2957</a>...
app.js?1487867489:35 Reorder by ZORDER
3app.js?1487867489:34 setting src
app.js?1487867489:40 refershing page listings!