Can't load Art assets on the Dev server

EDIT/UPDATE: I do not have this issue using FF IF I log into the App server and the Dev simultaneously.&nbsp; I do still have this issue in Chrome even when logged into both App and Dev.&nbsp;&nbsp;&nbsp; So maybe it's isolated to Chrome...? I'm having an issue accessing any art assets when on the Dev server (see image below).&nbsp; I have had similar issues on the Dev in the past&nbsp; <a href="https://app.roll20.net/forum/post/5917971/slug%7D" rel="nofollow">https://app.roll20.net/forum/post/5917971/slug%7D</a> &nbsp;that mysteriously resolved itself...&nbsp; but it's back again. windows 10 Google Chrome is up to date Version 80.0.3987.16 (Official Build) beta (64-bit) Testing in incognito mode with no extensions malwarebytes turned off Seems to be related to CORS policy errors(...?) when I load a game on the Dev in chrome (incognito w/no extensions)&nbsp; here's a log for loading a simple game on the Dev(no images in the game) jquery.migrate.js:20 JQMIGRATE: Logging is active ?timestamp=1578505777&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false:14 CAMPAIGN ID: 47796 (index):4698 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-3ssv5SqqunEClWYK' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-vileAyXucIHIT+3pbOzFP62jSSQqBYQ/DZ/WZAa5v4Y='), or a nonce ('nonce-...') is required to enable inline execution. app.js?1578421880:541 70 app.js?1578421880:543 TOUCH SUPPORTED: false app.js?1578421880:543 USING WEBGL ACCELERATION... app.js?1578421880:543 WEBGL STARTUP SUCCESS app.js?1578421880:545 Custom Sheet Translation app.js?1578421880:560 Loading Custom character sheet. tutorial_tips.js:7 tuts loaded (index):1 Mixed Content: The page at '<a href="https://app.roll20dev.net/editor/" rel="nofollow">https://app.roll20dev.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://imgsrv.roll20.net/?src=imgsrv.roll20.net/%3Fsrc%3Di.imgur.com/uf0H3XX.png" rel="nofollow">http://imgsrv.roll20.net/?src=imgsrv.roll20.net/%3Fsrc%3Di.imgur.com/uf0H3XX.png</a>'. This content should also be served over HTTPS. (index):1 Mixed Content: The page at '<a href="https://app.roll20dev.net/editor/" rel="nofollow">https://app.roll20dev.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://imgsrv.roll20.net/?src=imgsrv.roll20.net/%3Fsrc%3Di.imgur.com/p8GwTmJ.png" rel="nofollow">http://imgsrv.roll20.net/?src=imgsrv.roll20.net/%3Fsrc%3Di.imgur.com/p8GwTmJ.png</a>'. This content should also be served over HTTPS. (index):1 Mixed Content: The page at '<a href="https://app.roll20dev.net/editor/" rel="nofollow">https://app.roll20dev.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://imgsrv.roll20.net/?src=imgsrv.roll20.net/%3Fsrc%3Di.imgur.com/wq36LEN.png" rel="nofollow">http://imgsrv.roll20.net/?src=imgsrv.roll20.net/%3Fsrc%3Di.imgur.com/wq36LEN.png</a>'. This content should also be served over HTTPS. (index):1 [DOM] Found 2 elements with non-unique id #color_value: (More info: <a href="https://goo.gl/9p2vKq" rel="nofollow">https://goo.gl/9p2vKq</a>) &lt;input type=​"text" size=​"8" id=​"color_value"&gt;​ &lt;input type=​"text" size=​"8" id=​"color_value"&gt;​ sheetsandboxworker.js?1578505780325:682 Starting up WEB WORKER (index):1 A cookie associated with a cross-site resource at <a href="https://roll20.net/" rel="nofollow">https://roll20.net/</a> was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application&gt;Storage&gt;Cookies and see more details at <a href="https://www.chromestatus.com/feature/5088147346030592" rel="nofollow">https://www.chromestatus.com/feature/5088147346030592</a> and <a href="https://www.chromestatus.com/feature/5633521622188032" rel="nofollow">https://www.chromestatus.com/feature/5633521622188032</a>. (index):1 Access to XMLHttpRequest at '<a href="https://app.roll20.net/image_library/marketplace_purchases_index" rel="nofollow">https://app.roll20.net/image_library/marketplace_purchases_index</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.9.1.js:8526 GET <a href="https://app.roll20.net/image_library/marketplace_purchases_index" rel="nofollow">https://app.roll20.net/image_library/marketplace_purchases_index</a> net::ERR_FAILED send @ jquery-1.9.1.js:8526 ajax @ jquery-1.9.1.js:7978 jQuery.&lt;computed&gt; @ jquery-1.9.1.js:7614 d20.library.buildLibraryIndex @ app.js?1578421880:569 (anonymous) @ app.js?1578421880:569 fire @ jquery-1.9.1.js:1037 fireWith @ jquery-1.9.1.js:1148 ready @ jquery-1.9.1.js:433 completed @ jquery-1.9.1.js:103 (index):1 Access to XMLHttpRequest at '<a href="https://app.roll20.net/image_library/fetchroot" rel="nofollow">https://app.roll20.net/image_library/fetchroot</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.9.1.js:8526 GET <a href="https://app.roll20.net/image_library/fetchroot" rel="nofollow">https://app.roll20.net/image_library/fetchroot</a> net::ERR_FAILED send @ jquery-1.9.1.js:8526 ajax @ jquery-1.9.1.js:7978 jQuery.&lt;computed&gt; @ jquery-1.9.1.js:7614 d20.library.buildLibraryIndex @ app.js?1578421880:569 (anonymous) @ app.js?1578421880:569 fire @ jquery-1.9.1.js:1037 fireWith @ jquery-1.9.1.js:1148 ready @ jquery-1.9.1.js:433 completed @ jquery-1.9.1.js:103 DevTools failed to parse SourceMap: <a href="https://app.roll20dev.net/js/d20/underscore-min.map" rel="nofollow">https://app.roll20dev.net/js/d20/underscore-min.map</a> app.js?1578421880:551 Final page load. app.js?1578421880:549 Auth'ed. app.js?1578421880:549 Go post auth! app.js?1578421880:549 initial setup app.js?1578421880:550 joining game... app.js?1578421880:547 Full load page! app.js?1578421880:549 We have 1 pages app.js?1578421880:548 Player -Lsz47zcKt-d4MHDmLRy is offline... app.js?1578421880:550 Deferred finish joining... app.js?1578421880:541 Firebase Online (index):1 [DOM] Found 2 elements with non-unique id #color_value: (More info: <a href="https://goo.gl/9p2vKq" rel="nofollow">https://goo.gl/9p2vKq</a>) &lt;input type=​"text" size=​"8" id=​"color_value"&gt;​ &lt;input type=​"text" size=​"8" id=​"color_value"&gt;​ (index):1 Access to XMLHttpRequest at '<a href="https://app.roll20.net/image_library/fetchorphanassets/false/1" rel="nofollow">https://app.roll20.net/image_library/fetchorphanassets/false/1</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.9.1.js:8526 GET <a href="https://app.roll20.net/image_library/fetchorphanassets/false/1" rel="nofollow">https://app.roll20.net/image_library/fetchorphanassets/false/1</a> net::ERR_FAILED send @ jquery-1.9.1.js:8526 ajax @ jquery-1.9.1.js:7978 jQuery.&lt;computed&gt; @ jquery-1.9.1.js:7614 d20.library.buildRecentUploads @ app.js?1578421880:569 (anonymous) @ app.js?1578421880:548 (anonymous) @ base.js?1576005203:6 setTimeout (async) C.delay @ base.js?1576005203:6 C.defer @ base.js?1576005203:6 initialize @ app.js?1578421880:548 t.Model @ base.js?1576005203:7 T.i @ base.js?1576005203:8 _prepareModel @ base.js?1576005203:7 add @ base.js?1576005203:7 reset @ base.js?1576005203:7 (anonymous) @ app.js?1578421880:549 (anonymous) @ firebase.2.4.0.js:201 gc @ firebase.2.4.0.js:52 cc @ firebase.2.4.0.js:30 dc @ firebase.2.4.0.js:29 h.Kb @ firebase.2.4.0.js:220 h.Ld @ firebase.2.4.0.js:188 Eh.Ld @ firebase.2.4.0.js:178 (anonymous) @ firebase.2.4.0.js:176 yh @ firebase.2.4.0.js:170 La.onmessage @ firebase.2.4.0.js:169 (index):1 Access to XMLHttpRequest at '<a href="https://app.roll20.net/image_library/validatefolderstructure/" rel="nofollow">https://app.roll20.net/image_library/validatefolderstructure/</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.9.1.js:8526 POST <a href="https://app.roll20.net/image_library/validatefolderstructure/" rel="nofollow">https://app.roll20.net/image_library/validatefolderstructure/</a> net::ERR_FAILED send @ jquery-1.9.1.js:8526 ajax @ jquery-1.9.1.js:7978 jQuery.&lt;computed&gt; @ jquery-1.9.1.js:7614 d20.library.validateFolderStructure @ app.js?1578421880:570 (anonymous) @ app.js?1578421880:548 (anonymous) @ base.js?1576005203:6 setTimeout (async) C.delay @ base.js?1576005203:6 C.defer @ base.js?1576005203:6 initialize @ app.js?1578421880:548 t.Model @ base.js?1576005203:7 T.i @ base.js?1576005203:8 _prepareModel @ base.js?1576005203:7 add @ base.js?1576005203:7 reset @ base.js?1576005203:7 (anonymous) @ app.js?1578421880:549 (anonymous) @ firebase.2.4.0.js:201 gc @ firebase.2.4.0.js:52 cc @ firebase.2.4.0.js:30 dc @ firebase.2.4.0.js:29 h.Kb @ firebase.2.4.0.js:220 h.Ld @ firebase.2.4.0.js:188 Eh.Ld @ firebase.2.4.0.js:178 (anonymous) @ firebase.2.4.0.js:176 yh @ firebase.2.4.0.js:170 La.onmessage @ firebase.2.4.0.js:169 (index):1 Mixed Content: The page at '<a href="https://app.roll20dev.net/editor/" rel="nofollow">https://app.roll20dev.net/editor/</a>' was loaded over HTTPS, but requested an insecure image '<a href="http://imgsrv.roll20.net:5100/?src=/images/character.png&amp;cb=5" rel="nofollow">http://imgsrv.roll20.net:5100/?src=/images/character.png&amp;cb=5</a>'. This content should also be served over HTTPS. (index):1 Access to image at '<a href="http://imgsrv.roll20.net:5100/?src=/images/character.png&amp;cb=5" rel="nofollow">http://imgsrv.roll20.net:5100/?src=/images/character.png&amp;cb=5</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. imgsrv.roll20.net:5100/?src=/images/character.png&amp;cb=5:1 GET <a href="http://imgsrv.roll20.net:5100/?src=/images/character.png&amp;cb=5" rel="nofollow">http://imgsrv.roll20.net:5100/?src=/images/character.png&amp;cb=5</a> net::ERR_FAILED Image (async) e.fabric.Image.fabric.Image.fromURL @ app.js?1578421880:541 fullyActivateView @ app.js?1578421880:546 (anonymous) @ app.js?1578421880:547 C.each.C.forEach @ base.js?1576005203:6 u.&lt;computed&gt; @ base.js?1576005203:7 activate @ app.js?1578421880:547 initActivePage @ app.js?1578421880:550 (anonymous) @ app.js?1578421880:550 opt.complete @ jquery-1.9.1.js:9285 fire @ jquery-1.9.1.js:1037 fireWith @ jquery-1.9.1.js:1148 tick @ jquery-1.9.1.js:8736 jQuery.fx.tick @ jquery-1.9.1.js:9317 setInterval (async) jQuery.fx.start @ jquery-1.9.1.js:9338 jQuery.fx.timer @ jquery-1.9.1.js:9330 Animation @ jquery-1.9.1.js:8795 doAnimation @ jquery-1.9.1.js:9121 dequeue @ jquery-1.9.1.js:1936 (anonymous) @ jquery-1.9.1.js:1979 each @ jquery-1.9.1.js:648 each @ jquery-1.9.1.js:270 queue @ jquery-1.9.1.js:1972 animate @ jquery-1.9.1.js:9134 switchPageByIndex @ app.js?1578421880:550 switchPageById @ app.js?1578421880:550 handlePlayerPageChanges @ app.js?1578421880:549 (anonymous) @ app.js?1578421880:549 (anonymous) @ base.js?1576005203:6 setTimeout (async) C.delay @ base.js?1576005203:6 C.defer @ base.js?1576005203:6 (anonymous) @ app.js?1578421880:549 (anonymous) @ firebase.2.4.0.js:201 gc @ firebase.2.4.0.js:52 cc @ firebase.2.4.0.js:30 dc @ firebase.2.4.0.js:29 h.Kb @ firebase.2.4.0.js:220 h.Ld @ firebase.2.4.0.js:188 Eh.Ld @ firebase.2.4.0.js:178 (anonymous) @ firebase.2.4.0.js:176 yh @ firebase.2.4.0.js:170 La.onmessage @ firebase.2.4.0.js:169 app.js?1578421880:541 Error loading graphic, probably due to CORS. Trying once without CORS for /images/character.png (anonymous) @ app.js?1578421880:541 error (async) e.fabric.Image.fabric.Image.fromURL @ app.js?1578421880:541 fullyActivateView @ app.js?1578421880:546 (anonymous) @ app.js?1578421880:547 C.each.C.forEach @ base.js?1576005203:6 u.&lt;computed&gt; @ base.js?1576005203:7 activate @ app.js?1578421880:547 initActivePage @ app.js?1578421880:550 (anonymous) @ app.js?1578421880:550 opt.complete @ jquery-1.9.1.js:9285 fire @ jquery-1.9.1.js:1037 fireWith @ jquery-1.9.1.js:1148 tick @ jquery-1.9.1.js:8736 jQuery.fx.tick @ jquery-1.9.1.js:9317 setInterval (async) jQuery.fx.start @ jquery-1.9.1.js:9338 jQuery.fx.timer @ jquery-1.9.1.js:9330 Animation @ jquery-1.9.1.js:8795 doAnimation @ jquery-1.9.1.js:9121 dequeue @ jquery-1.9.1.js:1936 (anonymous) @ jquery-1.9.1.js:1979 each @ jquery-1.9.1.js:648 each @ jquery-1.9.1.js:270 queue @ jquery-1.9.1.js:1972 animate @ jquery-1.9.1.js:9134 switchPageByIndex @ app.js?1578421880:550 switchPageById @ app.js?1578421880:550 handlePlayerPageChanges @ app.js?1578421880:549 (anonymous) @ app.js?1578421880:549 (anonymous) @ base.js?1576005203:6 setTimeout (async) C.delay @ base.js?1576005203:6 C.defer @ base.js?1576005203:6 (anonymous) @ app.js?1578421880:549 (anonymous) @ firebase.2.4.0.js:201 gc @ firebase.2.4.0.js:52 cc @ firebase.2.4.0.js:30 dc @ firebase.2.4.0.js:29 h.Kb @ firebase.2.4.0.js:220 h.Ld @ firebase.2.4.0.js:188 Eh.Ld @ firebase.2.4.0.js:178 (anonymous) @ firebase.2.4.0.js:176 yh @ firebase.2.4.0.js:170 La.onmessage @ firebase.2.4.0.js:169 here's a log for searching 'dragon'.&nbsp; I just get an infinite "searching..." cursor in the sidebar that never resolves. (index):1 Access to XMLHttpRequest at '<a href="https://app.roll20.net/image_library/usersearch" rel="nofollow">https://app.roll20.net/image_library/usersearch</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.9.1.js:8526 POST <a href="https://app.roll20.net/image_library/usersearch" rel="nofollow">https://app.roll20.net/image_library/usersearch</a> net::ERR_FAILED send @ jquery-1.9.1.js:8526 ajax @ jquery-1.9.1.js:7978 jQuery.&lt;computed&gt; @ jquery-1.9.1.js:7614 h @ app.js?1578421880:569 r @ base.js?1576005203:6 setTimeout (async) (anonymous) @ base.js?1576005203:6 (anonymous) @ app.js?1578421880:568 dispatch @ jquery-1.9.1.js:3074 elemData.handle @ jquery-1.9.1.js:2750 (index):1 Access to XMLHttpRequest at '<a href="https://app.roll20.net/image_library/websearch/all/dragon/1" rel="nofollow">https://app.roll20.net/image_library/websearch/all/dragon/1</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.9.1.js:8526 GET <a href="https://app.roll20.net/image_library/websearch/all/dragon/1" rel="nofollow">https://app.roll20.net/image_library/websearch/all/dragon/1</a> net::ERR_FAILED send @ jquery-1.9.1.js:8526 ajax @ jquery-1.9.1.js:7978 jQuery.&lt;computed&gt; @ jquery-1.9.1.js:7614 h @ app.js?1578421880:569 r @ base.js?1576005203:6 setTimeout (async) (anonymous) @ base.js?1576005203:6 (anonymous) @ app.js?1578421880:568 dispatch @ jquery-1.9.1.js:3074 elemData.handle @ jquery-1.9.1.js:2750 (index):1 Access to XMLHttpRequest at '<a href="https://app.roll20.net/image_library/search_marketplace/all/dragon" rel="nofollow">https://app.roll20.net/image_library/search_marketplace/all/dragon</a>' from origin '<a href="https://app.roll20dev.net" rel="nofollow">https://app.roll20dev.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.9.1.js:8526 GET <a href="https://app.roll20.net/image_library/search_marketplace/all/dragon" rel="nofollow">https://app.roll20.net/image_library/search_marketplace/all/dragon</a> net::ERR_FAILED send @ jquery-1.9.1.js:8526 ajax @ jquery-1.9.1.js:7978 jQuery.&lt;computed&gt; @ jquery-1.9.1.js:7614 h @ app.js?1578421880:568

Nicholas said: Hi&nbsp;Vince -&nbsp; Huh, that's very strange. I'm unable to replicate this on my end, unfortunately. So, just to double confirm, is this only occurring when you search for something? Or is nothing showing up in your Art Library tab at all, including the Premium Assets &nbsp;tab and My Library &nbsp;tab? Also, do you have access to a different device that has Chrome installed so that you can further test this perchance? If I click on 'My Library', which I know I have lots of images, I simply get an infinite 'Loading Recent Uploads...' message. Nothing shows up at all if I click on 'Premium Assets'.&nbsp; I also have stuff in there as well. I will test on some other systems using Chrome and see if it changes anything.&nbsp; I'll post back. Thanks I did a test on another win 10 system using chrome.&nbsp; Same issues.&nbsp; No assets. I tried FF as well and experienced the same unless I was also logged into the Main/App server at the same time as the Dev. So on two different systems; Chrome doesn't show any Art Assets and has the CORS errors. FF doesn't show any Art Assets unless I'm also logged in on the Main/App server. Hope this helps.

Thanks Nicholas.&nbsp; I gave up running games on the Dev a few years back for similar oddities, but it's fine for testing new features, POC's and such... so not really a priority for me just an annoyance.&nbsp; ;-) Much appreciated.

Just checking back if there's been any headway on this?