My tokens and bars seem quite distorted on chrome. Chrome vs Firefox: You'll notice many of the ballista are missing - a player (Magnus) is missing. The healthbars are all distorted. I see several images blocked in the console. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> https://*.googlesyndication.com https://*.firebaseio.com https://*.googlesyndication.com https://*.opentok.com https://*.googlesyndication.com <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-4eN4tw6J9sccojnVBJxI6lPJOMpHnRSrZ-mWJg4Wwow='), or a nonce ('nonce-...') is required to enable inline execution.
app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> https://*.googlesyndication.com https://*.firebaseio.com https://*.googlesyndication.com https://*.opentok.com https://*.googlesyndication.com <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-N4rT-GhE0K4LJ4zTB64Bkmk5xSsA8M7MPSk1qY82nAQ='), or a nonce ('nonce-...') is required to enable inline execution.
Failed to load resource: the server responded with a status of 403 (Forbidden)
<a href="https://s3.amazonaws.com/files.d20.io/images/7600" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/7600</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
<a href="https://s3.amazonaws.com/files.d20.io/images/7600" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/7600</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
<a href="https://s3.amazonaws.com/files.d20.io/images/7600" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/7600</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
Failed to load resource: the server responded with a status of 403 (Forbidden)
<a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
3app.js?1437884211:28 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>...
<a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
<a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
2app.js?1437884211:28 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>...
2app.js?1437884211:28 Error loading image, probably due to cors. Trying once without CORS for <a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>...
<a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
app.js?1437884211:36 Updating character sheet values
<a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
4app.js?1437884211:36 Updating character sheet values
<a href="https://s3.amazonaws.com/files.d20.io/images/1069" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1069</a>... Failed to load resource: the server responded with a status of 403 (Forbidden)
Image from origin '<a href="https://s3.amazonaws.com" rel="nofollow">https://s3.amazonaws.com</a>' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '<a href="https://app.roll20.net" rel="nofollow">https://app.roll20.net</a>' is therefore not allowed access. Any ideas what may be causing this? It just started this week. It also happens on my other campaign that is using no API scripts.