Campaign is filled up with Mysterious Notes on login

Detailed description of the problem Every time I start the game many &gt;40&nbsp; Mysterious Notes are created (blank) in the root folder of my notes. I Obviously tried Other browsers (on the same on different PCs). To no avail. I also deactivate&nbsp;any scripts - which had no effect as well. If I archive, delete or move them they are recreated on the next login. Deleting these to have tidy campaign&nbsp;notes is rather&nbsp;cumbersome. I noticed that this did not happen, when I logged in through a browser on a tablet.&nbsp; Does anyone have a similar experience, or maybe an idea for a solution/workaround? Minimum number of steps to reproduce the problem - start campaign Description of setup Firefox, Chrome, (current versions) Extensions deactivated and activated does not make a difference Win10 Chrome Console log (Verbose):&nbsp; <a href="https://www.dropbox.com/s/h96iyqogxed12pw/app.roll20.net-1604224244781.log?dl=0" rel="nofollow">https://www.dropbox.com/s/h96iyqogxed12pw/app.roll20.net-1604224244781.log?dl=0</a> In the log are some issues attached hinting at scripts not being loaded (and other stuff): Content Security Policy blocks inline execution of scripts and stylesheets The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets. To solve this, move all inline scripts (e.g.&nbsp; onclick=[JS code] ) and styles into external files. ⚠️ Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by: adding&nbsp; unsafe-inline &nbsp;as a source to the CSP header adding the hash or nonce of the inline script to your CSP header. AFFECTED RESOURCES 2 directives Learn more: Learn more: Content Security Policy - Inline Code 1 Content Security Policy of your site blocks some resources because their origin is not included in the content security policy header The Content Security Policy (CSP) improves the security of your site by defining a list of trusted sources and instructs the browser to only execute or render resources from this list. Some resources on your site can't be accessed because their origin is not listed in the CSP. To solve this, carefully check that all of the blocked resources listed below are trustworthy; if they are, include their sources in the content security policy of your site. You can set a policy as a HTTP header (recommended), or via an HTML&nbsp; &lt;meta&gt; &nbsp;tag. ⚠️ Never add a source you don't trust to your site's Content Security Policy. If you don't trust the source, consider hosting resources on your own site instead. AFFECTED RESOURCES 1 directive Resource Status Directive Source code <a href="https://js-agent.newrelic.com/nr-1167.min.js" rel="nofollow">https://js-agent.newrelic.com/nr-1167.min.js</a> blocked script-src-elem app.roll20.net/:424 Learn more: Content Security Policy - Source Allowlists 3 Mixed content: load all resources via HTTPS to improve the security of your site Even though the initial HTML page is loaded over a secure HTTPS connection, some resources like images, stylesheets or scripts are being accessed over an insecure HTTP connection. Usage of insecure resources is restricted to strengthen the security of your entire site. To resolve this issue load all resources over a secure HTTPS connection. AFFECTED RESOURCES 2 requests 2 resources Learn more: Preventing mixed content

Your APIs are all shut off?&nbsp; And you've verified that there's no messaging coming out of the APIs when you restart the sandbox?&nbsp;&nbsp;

Yes: the only message was: Spinning up new sandbox... Error downloading scripts (probably no scripts exist for campaign.) Additionally I only use your script CombatMaster in version 2.34 (thanks a lot btw). But as it also appeared with version 2.0 (latest from roll20 instead of github) and 2.32 I shut it down to verify and it had no effect. If I use a browser on a tablet (instead of my other PCs) this does not happen. Which makes me think it is not a script.

To be safe, use version 2.36 found here:&nbsp; <a href="https://github.com/vicberg/CombatMaster" rel="nofollow">https://github.com/vicberg/CombatMaster</a> .&nbsp; Don't use Roll20 One Click.&nbsp;&nbsp; There were a couple versions that spun out mysterious notes, but that was quite a while ago.&nbsp; Make sure CM is disabled and you've deleted all the notes and then restart the sandbox.&nbsp; If they don't show up again, you know where the issue it.&nbsp;&nbsp;

I did the following: disabled 2.34 of CombatMaster created new script for 2.36 disabled new script as well started up game deleted all Mysterious Notes Hit F5 All Mysterious Notes are back Enabled CombatMaster 2.36 I don't think it is your script. Interestingly&nbsp;enough this does not happen if I use a browser on my tablet, but only on any browser (Firefox, Chrome) on any of my 2 PCs. Thanks for your support.

WTF, there's got to be something creating those.&nbsp; It's not random.&nbsp; That points to an API.&nbsp; You don't have an older version of CM running at same time right? Or anything else?&nbsp; .Suggestion create a copy of your game.&nbsp; APIs don't copy.&nbsp; See if problem persists THEN bring in each API one by one, save that script, see if the notes reappear

That sounds like a great Idea. I had my hope up to just use the copy of the game afterwards. But alas, this did not work. Copy game (no API scripts :) ) Deleted all Mysterious Notes in copy logged out of game logged back into game Mysterious Notes are back Thanks for your ideas though :)

This is crazy. Your game is haunted. Does a brand new game (not a copy) have the same Mysterious Notes spam? If not, you could transmorgrify needed assets from your current game to that one. If that is too much to deal with, then at this point I think you should review this article and start a support ticket with Roll20.

What happens if you archive the Mysterious Notes? If the Haunting is tied to the _id's of those objects, they will still exist and maybe won't be created again. No offense intended with this suggestion but... do you have anyone else with GM privileges who has a sick sense of humour? It's the kind of thing I would do...

That is about a strange an issue as I've read about.&nbsp; &nbsp;

Archiving will just create more notes and then I have to delete the double. I have already created a support ticket, but it was closed with "reported to devs". Which closed the communication not allowing me to try around how to solve this for me now. Which is why I created this thread to find some solution. I have many other games that do not have this issue. So a clean one will be fine. I would have to reorganize all things as I cannot transmogrify folders, but maybe that is the best way forward. There are no other GM's in the game (and this happens if no others are logged in as well). Hitting F5 will suffice. At first I thought, maybe they are not deleted, but when I archive them I just get new once, so they *are* deleted and recreated. Yes this is the right issue to have with a game this time of the year. Maybe I should have run a horror story. In a game of Cthulhu this would be fitting. Thanks for your ideas.