Roll20 uses cookies to improve your experience on our site. Cookies enable you to enjoy certain features, social sharing functionality, and tailor message and display ads to your interests on our site and others. They also help us understand how our site is being used. By continuing to use our site, you consent to our use of cookies. Update your cookie preferences .
×
×

Cookie Preferences

We use Cookies to help personalize and improve Roll20. For more information on our use of non-essential Cookies, visit our Privacy Policy here.
Create a free account

Past few weeks I'm getting Content Security Policy (CSP) browser console errors on latest Chrome on Linux

  1. Community Forums
  2. Bug Reports & Technical Issues
  3. Past few weeks I'm getting Content Security Policy (CSP) browser console errors on latest Chrome on Linux
1694792443
Friar
Plus
Permalink for 11621522 Quote
JQMIGRATE: Logging is active Refused to load the script '<a href="https://bat.bing.com/bat.js" rel="nofollow">https://bat.bing.com/bat.js</a>' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-lsXtywIXLMpZpGFb' 'nonce-xHOMPzppzIDNvMsf' <a href="https://cdn.roll20.net" rel="nofollow">https://cdn.roll20.net</a> blob: <a href="https://www.datadoghq-browser-agent.com" rel="nofollow">https://www.datadoghq-browser-agent.com</a> <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com https://*.fullstory.com <a href="https://www.googletagmanager.com" rel="nofollow">https://www.googletagmanager.com</a> https://*.refiner.io https://*.maze.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. vtt.bundle.js:38219 70 vtt.bundle.js:38251 TOUCH SUPPORTED: false vtt.bundle.js:22154 Uncaught Error: Could not get WebGL context &nbsp; &nbsp; at new t (vtt.bundle.js:22154:7045) &nbsp; &nbsp; at vtt.bundle.js:38251:89034 &nbsp; &nbsp; at vtt.bundle.js:38255:43011 &nbsp; &nbsp; at vtt.bundle.js:38420:25423 &nbsp; &nbsp; at vtt.bundle.js:38420:25427 tutorial_tips.js:7 tuts loaded Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-lsXtywIXLMpZpGFb' 'nonce-xHOMPzppzIDNvMsf' <a href="https://cdn.roll20.net" rel="nofollow">https://cdn.roll20.net</a> blob: <a href="https://www.datadoghq-browser-agent.com" rel="nofollow">https://www.datadoghq-browser-agent.com</a> <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com https://*.fullstory.com <a href="https://www.googletagmanager.com" rel="nofollow">https://www.googletagmanager.com</a> https://*.refiner.io https://*.maze.co". Either the 'unsafe-inline' keyword, a hash ('sha256-77bgQblnRaKk1m8aq2FHqKiER4ywljc0EoTvK4RBca4='), or a nonce ('nonce-...') is required to enable inline execution. &nbsp;Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-lsXtywIXLMpZpGFb' 'nonce-xHOMPzppzIDNvMsf' <a href="https://cdn.roll20.net" rel="nofollow">https://cdn.roll20.net</a> blob: <a href="https://www.datadoghq-browser-agent.com" rel="nofollow">https://www.datadoghq-browser-agent.com</a> <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com https://*.fullstory.com <a href="https://www.googletagmanager.com" rel="nofollow">https://www.googletagmanager.com</a> https://*.refiner.io https://*.maze.co". Either the 'unsafe-inline' keyword, a hash ('sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs='), or a nonce ('nonce-...') is required to enable inline execution. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-lsXtywIXLMpZpGFb' 'nonce-xHOMPzppzIDNvMsf' <a href="https://cdn.roll20.net" rel="nofollow">https://cdn.roll20.net</a> blob: <a href="https://www.datadoghq-browser-agent.com" rel="nofollow">https://www.datadoghq-browser-agent.com</a> <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com https://*.fullstory.com <a href="https://www.googletagmanager.com" rel="nofollow">https://www.googletagmanager.com</a> https://*.refiner.io https://*.maze.co". Either the 'unsafe-inline' keyword, a hash ('sha256-T7lR+ibvQarg3W9mbFJwhc8qOfagddrVEM59s6xPa8M='), or a nonce ('nonce-...') is required to enable inline execution. roll20.js:3725 Beyond20: Roll20 module loaded. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-lsXtywIXLMpZpGFb' 'nonce-xHOMPzppzIDNvMsf' <a href="https://cdn.roll20.net" rel="nofollow">https://cdn.roll20.net</a> blob: <a href="https://www.datadoghq-browser-agent.com" rel="nofollow">https://www.datadoghq-browser-agent.com</a> <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com https://*.fullstory.com <a href="https://www.googletagmanager.com" rel="nofollow">https://www.googletagmanager.com</a> https://*.refiner.io https://*.maze.co". Either the 'unsafe-inline' keyword, a hash ('sha256-siKO7VZ0iZMKlho62NQhXEaEUaryXDloN4SwTF2euL4='), or a nonce ('nonce-...') is required to enable inline execution. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-lsXtywIXLMpZpGFb' 'nonce-xHOMPzppzIDNvMsf' <a href="https://cdn.roll20.net" rel="nofollow">https://cdn.roll20.net</a> blob: <a href="https://www.datadoghq-browser-agent.com" rel="nofollow">https://www.datadoghq-browser-agent.com</a> <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com https://*.fullstory.com <a href="https://www.googletagmanager.com" rel="nofollow">https://www.googletagmanager.com</a> https://*.refiner.io https://*.maze.co". Either the 'unsafe-inline' keyword, a hash ('sha256-VussMEcsqEPalla4i7RvpHqvRE4+2WmSh4DL2kBzaD4='), or a nonce ('nonce-...') is required to enable inline execution. &nbsp;Uncaught TypeError: d20ext.finalPageLoad is not a function vtt.bundle.js:22290 Uncaught TypeError: Cannot read properties of undefined (reading 'activePage') &nbsp; &nbsp; at vtt.bundle.js:22290:63051
1694809625
Gauss
Forum Champion
Permalink for 11621816 Quote
Hi Friar,&nbsp; As this is probably beyond the ability of users to help I suggest filing a bug report with the Devs via the Help Center . The Bug Report forum is primarily for users helping users.&nbsp;
You must Login to your Roll20 Account to post a reply.