OS: Windows 10 (64-bit) Browser: Chrome 67.0.3396.99 Javascript: Enabled When logged in as a player, the map that shows is black, as if covered by FoW even if I reveal areas or add a token with vision and a light aura. Log: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-aFs61fA2g0YTEOjZ+dQ5SQPN1xuL/gid4/WqpvaSQ3E='), or a nonce ('nonce-...') is required to enable inline execution. /editor/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-k8Kx+oSRaLZ+X7/r67j0Mow6bzS2pemyX++9YAOg3BU='), or a nonce ('nonce-...') is required to enable inline execution. jquery.migrate.js:20 JQMIGRATE: Logging is active app.js?1530633593:343 70 app.js?1530633593:344 TOUCH SUPPORTED: false app.js?1530633593:344 USING WEBGL ACCELERATION... app.js?1530633593:344 WEBGL STARTUP SUCCESS 99 [Violation] Added non-passive event listener to a scroll-blocking <some> event. Consider marking event handler as 'passive' to make the page more responsive. See <URL> app.js?1530633593:346 Custom Sheet Translation app.js?1530633593:338 select app.js?1530633593:338 Switch mode to select app.js?1530633593:357 Initializing new dice engine with randomness... app.js?1530633593:357 Using random entropy app.js?1530633593:360 Compiling sheet... app.js?1530633593:360 Found rolltemplate: simple app.js?1530633593:360 Found rolltemplate: atk app.js?1530633593:360 Found rolltemplate: dmg app.js?1530633593:360 Found rolltemplate: atkdmg app.js?1530633593:360 Found rolltemplate: desc app.js?1530633593:360 Found rolltemplate: spell app.js?1530633593:360 Found rolltemplate: traits app.js?1530633593:360 Found rolltemplate: npc app.js?1530633593:360 Found rolltemplate: npcatk app.js?1530633593:360 Found rolltemplate: npcdmg app.js?1530633593:360 Found rolltemplate: npcaction app.js?1530633593:360 Found rolltemplate: mancerroll app.js?1530633593:360 Found Charactermancer template: l1-welcome app.js?1530633593:360 Found Charactermancer template: l1-race app.js?1530633593:360 Found Charactermancer template: l1-class app.js?1530633593:360 Found Charactermancer template: l1-abilities app.js?1530633593:360 Found Charactermancer template: l1-background app.js?1530633593:360 Found Charactermancer template: l1-equipment app.js?1530633593:360 Found Charactermancer template: l1-spells app.js?1530633593:360 Found Charactermancer template: l1-feat app.js?1530633593:360 Found Charactermancer template: l1-summary app.js?1530633593:360 Found Charactermancer template: final 2 app.js?1530633593:360 Found webworker script app.js?1530633593:360 Finding sheet rolls... app.js?1530633593:360 Including compendium template css. app.js?1530633593:362 window resize app.js?1530633593:344 Final set zoom! app.js?1530633593:344 UPDATE GL SIZE! app.js?1530633593:344 Final set zoom! tutorial_tips.js:7 tuts loaded jquery-1.9.1.js:98 [Violation] 'DOMContentLoaded' handler took 1040ms 6 Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure image '<URL>'. This content should also be served over HTTPS. app.js?1530633593:355 MESSAGE RECEIVED app.js?1530633593:355 MessageEvent {isTrusted: true, data: {…}, origin: "<a href="https://app.roll20.net" rel="nofollow">https://app.roll20.net</a>", lastEventId: "", source: Window, …} sheetsandboxworker.js?1530823708267:532 Starting up WEB WORKER sheetsandboxworker.js?1530823708265:532 Starting up WEB WORKER app.js?1530633593:351 Final page load. app.js?1530633593:350 Auth'ed. app.js?1530633593:350 Go post auth! app.js?1530633593:350 initial setup app.js?1530633593:350 specific changed! app.js?1530633593:348 T.i {attributes: {…}, _escapedAttributes: {…}, cid: "c0", changed: {…}, _silent: {…}, …} app.js?1530633593:350 Got players value... app.js?1530633593:350 joining game... app.js?1530633593:348 Player -LEMhqGn_Oe4X1jr7Ilx is offline... app.js?1530633593:349 Global Volume: 100=1 app.js?1530633593:350 Deferred finish joining... app.js?1530633593:343 Firebase Online base.js?1530633549:6 [Violation] 'setTimeout' handler took 83ms app.js?1530633593:359 Refresh Journal List! app.js?1530633593:359 Search took 8ms 45 app.js?1530633593:347 Full load page! app.js?1530633593:350 We have 45 pages 59 [Violation] 'message' handler took <N>ms [Violation] Forced reflow while executing JavaScript took 41ms app.js?1530633593:351 Scan for new plays! app.js?1530633593:350 handle page changes app.js?1530633593:350 {-LEMhqGn_Oe4X1jr7Ilx: "-KjAXjlkdxeBTB9MoyIm"} app.js?1530633593:370 Video Quality medium app.js?1530633593:346 Do refresh link cache! app.js?1530633593:350 init active page! app.js?1530633593:348 activate page! app.js?1530633593:348 FULLY ACTIVATE VIEWS FOR PAGE. app.js?1530633593:359 Refresh Journal List! app.js?1530633593:359 Search took 5ms base.js?1530633549:6 [Violation] 'setTimeout' handler took 121ms [Violation] Forced reflow while executing JavaScript took 48ms app.js?1530633593:347 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321819/TknHKB2WFDQOtMv0ZHHc0Q/thumb.jpg?1493768747&14979036125" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321819/TknHKB2WFDQOtMv0ZHHc0Q/thumb.jpg?1493768747&14979036125</a> to <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321819/TknHKB2WFDQOtMv0ZHHc0Q/original.jpg?1493768747&14979036125" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321819/TknHKB2WFDQOtMv0ZHHc0Q/original.jpg?1493768747&14979036125</a> app.js?1530633593:347 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321860/XGTVhsv6f8rkiEOtB87mNA/thumb.png?1495489342&14979037185" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321860/XGTVhsv6f8rkiEOtB87mNA/thumb.png?1495489342&14979037185</a> to <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321860/XGTVhsv6f8rkiEOtB87mNA/med.png?1495489342&14979037185" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321860/XGTVhsv6f8rkiEOtB87mNA/med.png?1495489342&14979037185</a> app.js?1530633593:347 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321862/KTJQ5x8zUc5H2gM6HpKOsQ/thumb.png?1495489378&14979037225" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321862/KTJQ5x8zUc5H2gM6HpKOsQ/thumb.png?1495489378&14979037225</a> to <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321862/KTJQ5x8zUc5H2gM6HpKOsQ/max.png?1495489378&14979037225" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321862/KTJQ5x8zUc5H2gM6HpKOsQ/max.png?1495489378&14979037225</a> app.js?1530633593:347 Swapping <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321863/GIKlvSZpYZdV-ykXPtZ8tw/thumb.png?1495489388&14979037245" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321863/GIKlvSZpYZdV-ykXPtZ8tw/thumb.png?1495489388&14979037245</a> to <a href="https://s3.amazonaws.com/files.d20.io/marketplace/321863/GIKlvSZpYZdV-ykXPtZ8tw/med.png?1495489388&14979037245" rel="nofollow">https://s3.amazonaws.com/files.d20.io/marketplace/321863/GIKlvSZpYZdV-ykXPtZ8tw/med.png?1495489388&14979037245</a>