Stuck on loading screen ...

This is still an issue for me. 1) A link to a game experiencing the issue: <a href="https://app.roll20.net/editor/setcampaign/3467875" rel="nofollow">https://app.roll20.net/editor/setcampaign/3467875</a> 2) A list of your system's information, as seen below: Web Browser - Firefox Browser Version - 75.0 (64-bit) Operating System - Linux (kernel 5.4.27) If Javascript is enabled - Enabled List of any browser add-ons or extensions enabled - None (used a new profile to test) 3) A &nbsp;Console Log from the moment you logged into the page till when you encounter: Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). editor :12:1 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). editor :13:1 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 jquery-1.9.1.js :1444:6 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 jquery-1.9.1.js :1450:5 JQMIGRATE: Logging is active jquery.migrate.js :20:10 Failed to create WebGL context: WebGL creation failed: * tryNativeGL * Exhausted GL driver options. featuredetect.js :4:111 This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. editor CAMPAIGN ID: 3467875 startjs :15:9 70 app.js :552:26453 TOUCH SUPPORTED: false app.js :554:15373 RTCIceServer.url is deprecated! Use urls instead. 3 app.js :278 Failed to create WebGL context: WebGL creation failed: * tryNativeGL * Exhausted GL driver options. app.js :552:30293 TypeError: this.gl is null app.js :552:30334 TypeError: d20.engine.finishCurrentPolygon is not a function app.js :547:12749 Request to access cookie or storage on “ <a href="https://cdn.inspectlet.com/inspectlet.js?wid=360929120&amp;r=440799" rel="nofollow">https://cdn.inspectlet.com/inspectlet.js?wid=360929120&amp;r=440799</a> ” was blocked because it came from a tracker and content blocking is enabled. Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). inspectlet.js :4:8118 TypeError: d20ext.finalPageLoad is not a function startjs :40:105

The fix was put in place to support order browsers but it doesn't work for me either. I think someone still working on it but I'm not sure. With any luck it won't be much longer.

hey stuck on an infinite loading screen as well, if you are a part of the roll20 team please respond with a solution rather then the copy/pastes i have been reading on this thread. here is the link to the game -&nbsp; <a href="https://app.roll20.net/campaigns/details/6938053/waterdeep-with-a-bunch-of-rag-tag-group-of-orphans" rel="nofollow">https://app.roll20.net/campaigns/details/6938053/waterdeep-with-a-bunch-of-rag-tag-group-of-orphans</a> &nbsp; and from in game - <a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a> &nbsp; os is Mac os 10.8.5 Cache = cleared&nbsp; javascript = enabled&nbsp; extensions = disabled, all of them add ons = none brow ser in question is chrome, updated to &nbsp; 49.0.2623.112 console has the same security policy as everyone else who has posted on here will copy/paste below app.roll20.net/:12 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-7i5III4TOYTKVlbz' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-NmRqUblTrRkysGtQ8hQjwGNsHWj8V+W390DxMhYf46I='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-7i5III4TOYTKVlbz' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-/XHNKTzdVLpPBcMgsOl9LN6PEC5ufZbaLdoU14BWKr0='), or a nonce ('nonce-...') is required to enable inline execution. /v2/js/jquery.migrate.js:20 JQMIGRATE: Logging is active app.roll20.net/:15 CAMPAIGN ID: 6938053 app.js:563 Uncaught SyntaxError: Unexpected identifier app.roll20.net/:36 Uncaught ReferenceError: soundManager is not defined

I got it to work on Firefox, but not on Chrome. My computer is so old, Roll20 was the only "gaming" it was fit for. Now, it looks like it'll soon be too old for that too.

I haven't been able to get any browsers to work. I've tried Firefox, Opera, Internet Explorer, nothing works

I am also getting stuck at the loading screen in Firefox and Chrome. I am running an older laptop with Windows XP, but Roll20 worked up until this past week and now it just keeps getting stuck. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-hHRynYO7fIyD6qyt' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-ottCqqljiIlD0KT8ZgoKKJurlzD6xAnNiNrqFStJAyM='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-hHRynYO7fIyD6qyt' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-/XHNKTzdVLpPBcMgsOl9LN6PEC5ufZbaLdoU14BWKr0='), or a nonce ('nonce-...') is required to enable inline execution. jquery.migrate.js:20 JQMIGRATE: Logging is active ?timestamp=1586991562&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forceto…:15 CAMPAIGN ID: 6230029 app.js:563 Uncaught SyntaxError: Unexpected identifier ?timestamp=1586991562&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forceto…:36 Uncaught ReferenceError: soundManager is not defined

for those of you who are using edge, please make sure you've updated to the newest version of edge. you shouldn't have any issues after that.&nbsp; that was all it took for me to get past the loading screen.&nbsp;&nbsp;

I downloaded Ubuntu and have it on a USB. At least I can update Firefox, etc. if I boot to Linux. :}

WTF It has been going on for days now and I still can not get passed the Loading Screen. I am paying for a service that I can't use, I am housebound because of this damned virus crud and it would be nice to have something to do to keep from going god-damned crazy! Will someone fix this or send me enough money to buy a new computer? At this point I am open to either. Thank you!

having the same problem as everyone else.

Another report of this problem. I was working fine up until last night (but having other bugs to do with vanishing tokens and lighting not working properly). After this recent push I am now getting the same problem as others have reported here. In my case the blocked resource lines are: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-26IyKJpkeRBVRmjH' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-6RSLuDvIn+BM5pCL3yDbiapQyhuLoJotrZEJGum9mts='), or a nonce ('nonce-...') is required to enable inline execution. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-26IyKJpkeRBVRmjH' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-/XHNKTzdVLpPBcMgsOl9LN6PEC5ufZbaLdoU14BWKr0='), or a nonce ('nonce-...') is required to enable inline execution. Which point to two inline script statements at the top of the file to do with New Relic End User Monitoring (truncated for brevity) &lt;script&gt; window.NREUM||(NREUM={});NREUM.info={"beacon":... AND &lt;script&gt; (window.NREUM||(NREUM={})).loader_config={licenseKey:... I am not familiar with CSP but I it looks like that error message is saying that you needed to put the nonce from the header in the script block definition of any inline script for it to be trusted, can anyone with practical experience confirm or refute this hypothesis?

Nicholas said: Hey&nbsp;PhoeM - What browser version and Operating System are you running? Win7 (please don't judge me, I was planning a machine build before this virus lockdown hit and now I can't get components and don't want to reformat my existing machine ~&gt;_&lt;~) and Chrome 81.0.4044.113 | Firefox 75.0 both of which report they are up to date.

Got it, browser.sentry-cdn.com is resolving to 0.0.0.0 because of my pihole network security so I am not getting bundle.js delivered which means the reference to sentry isn't loading and that cascades onwards causing null references elsewhere. Whitelisted it in my blocking software and now everything is working. Sorry for distracting from the actual issue

Hi, I've got two machines unable to load into my game. Both were working fine last night. One is a pc running windows 10, the other is a macbook running whatever the latest Catalina version is, both are using Firefox. Link to game: <a href="https://app.roll20.net/campaigns/details/6912390/sports-2-dot-0" rel="nofollow">https://app.roll20.net/campaigns/details/6912390/sports-2-dot-0</a> PC log: Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). editor:12:1 Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). editor:13:1 Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). 2 utils.js:35:9 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="https://browser.sentry-cdn.com/5.15.4/bundle.min.js" rel="nofollow">https://browser.sentry-cdn.com/5.15.4/bundle.min.js</a> . (Reason: CORS request did not succeed). None of the "sha384" hashes in the integrity attribute match the content of the subresource. editor &lt;script&gt; source URI is not allowed in this document: " <a href="https://cdn.inspectlet.com/inspectlet.js?wid=360929120&amp;r=440875" rel="nofollow">https://cdn.inspectlet.com/inspectlet.js?wid=360929120&amp;r=440875</a> ". editor:1:1 Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). 3 jquery-1.9.1.js:1444:6 Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). 3 jquery-1.9.1.js:1450:5 JQMIGRATE: Logging is active jquery.migrate.js:20:10 This page uses the non standard property "zoom". Consider using calc() in the relevant property values, or using "transform" along with "transform-origin: 0 0". editor ReferenceError: Sentry is not defined startjs:1:1 ReferenceError: d20ext is not defined loading.js:1:1 RTCIceServer.url is deprecated! Use urls instead. 3 app.js:278 TypeError: window.d20ext is undefined app.js:547:16942 tuts loaded tutorial_tips.js:7:10 macbook log: Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). editor:12:1 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). editor:13:1 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="https://browser.sentry-cdn.com/5.15.4/bundle.min.js" rel="nofollow">https://browser.sentry-cdn.com/5.15.4/bundle.min.js</a>. (Reason: CORS request did not succeed). None of the “sha384” hashes in the integrity attribute match the content of the subresource. editor JQMIGRATE: Logging is active jquery.migrate.js:20:10 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 jquery-1.9.1.js:1444:6 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 jquery-1.9.1.js:1450:5 This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. editor &lt;script&gt; source URI is not allowed in this document: “<a href="https://cdn.inspectlet.com/inspectlet.js?wid=360929120&amp;r=440875”" rel="nofollow">https://cdn.inspectlet.com/inspectlet.js?wid=360929120&amp;r=440875”</a>. editor:1:1 ReferenceError: Sentry is not defined startjs:1:1 ReferenceError: d20ext is not defined loading.js:1:1 RTCIceServer.url is deprecated! Use urls instead. 3 app.js:278 TypeError: window.d20ext is undefined app.js:547:16942 tuts loaded tutorial_tips.js:7:10

Nicholas said: Hello&nbsp;PhoeM -&nbsp; No worries! To confirm, are you experiencing this on one game or multiple games? It was all games, but I've got it now. I was blocking one of the Content Delivery sites you use at my perimeter (they must have made it onto one of my maximum paranoia block lists at some point in the past by being exploited) so scripts from there never loaded which caused lots of knock on effects. Everything is good now that I have allowed it to work. Researching more into this, it appears that Browser Sentry has made it onto a lot of block lists because it is intrusive, so this might actually be the problem other people are experiencing. As block lists are usually per-security app it would also account for why some people suffer the error and some don't. I can see LordYod's console output is failing on the same URL due to CORS.

PhoeM said: Nicholas said: Hello&nbsp;PhoeM -&nbsp; No worries! To confirm, are you experiencing this on one game or multiple games? It was all games, but I've got it now. I was blocking one of the Content Delivery sites you use at my perimeter (they must have made it onto one of my maximum paranoia block lists at some point in the past by being exploited) so scripts from there never loaded which caused lots of knock on effects. Everything is good now that I have allowed it to work. I suspect this may be my issue as well, can you share which site it was?

lordyod said: I suspect this may be my issue as well, can you share which site it was? <a href="https://browser.sentry-cdn.com/" rel="nofollow">https://browser.sentry-cdn.com/</a>

PhoeM said: lordyod said: I suspect this may be my issue as well, can you share which site it was? <a href="https://browser.sentry-cdn.com/" rel="nofollow">https://browser.sentry-cdn.com/</a> I just whitelisted this site in my pihole and loading into my game works now. Thanks!

What seemed to work for me was: - activating vpn extension (in my case NordVPN) and using quick connect (connected to Netherlands). - Load a roll20 game, i was able to get past "Loading ..." screen and play normally, even with beyond20 plugin. - after disconnecting the VPN connection and closing/reopening the game,&nbsp; the game loaded normally for me again. - my SO had the same issue on a different PC (same household) and the vpn trick worked for her as well. Chrome&nbsp; Version 81.0.4044.113 (Official Build) (64-bit)

I am having problems in Firefox 75 (latest version) on Manjaro Linux (fully up to date) Looks like its some kind of OpenGL or failed to load script issue. Since this forum wont let me post the logs, I posted them here: <a href="https://hastebin.com/isibanoquq.http" rel="nofollow">https://hastebin.com/isibanoquq.http</a> [Edit] Just to add, it works fine in Chrome 81

So there has been more than a week with this problem and you guys keep posting the same answers. I consider myself a patient guy, but this hasn't been addressed the way it should have.

Found this thread after some other postings. it seems it is a known issue. Guess i join the line waiting to get this Problem solved. Well, not the best thing to convince me to resubscribe but the "development" in the last three years has been on the same level thus I sadly have no expectations what's so ever for a fast resolution of this issue.

Oh some info I happen to stumble upon with Firefox 75. I went to Astral to see something there, I know its a competitor, but it popped up an errors saying WebGL isn't enabled to Hardware Acceleration is missing. Haven't dug too deep into it, but maybe Firefox changed something for the Webgl error to happen. [Edit] Seems Firefox messed with some sandboxing defaults in 75. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1455498" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=1455498</a> Changing `about:config` setting security.sandbox.content.level to 2 should fix it. Alternative solution to not lower sandbox safety so far, is to whitelist driver paths. This is what I used and it fixed it right up. This is for Intel laptop integrated GPUs: security.sandbox.content.read_path_whitelist = /sys/devices/pci0000:00/0000:00:02.0/subsystem or security.sandbox.content.read_path_whitelist = /sys/

Yulian K. has it right (thanks!) I think the correct Firefox bug is this one though: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1623885" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=1623885</a> (marked fixed in Firefox 77)

Still having this issue... please help, thanks! Operating System Mac OSX 10.8.5 Mountain Lion Web Browser Chrome 49.0.2623.112 Javascript Yes Console- (index):12 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-385KwrvCO7uRofj9' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-rCBblQ7oxxAolgygrWriXnwtSQEZOfCEKjmry3OQuUk='), or a nonce ('nonce-...') is required to enable inline execution. (index):13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-385KwrvCO7uRofj9' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-/XHNKTzdVLpPBcMgsOl9LN6PEC5ufZbaLdoU14BWKr0='), or a nonce ('nonce-...') is required to enable inline execution. jquery.migrate.js:20 JQMIGRATE: Logging is active instrument.ts:129 CAMPAIGN ID: 6920634 app.js?1587138070:563 Uncaught SyntaxError: Unexpected identifier ?timestamp=1587434578&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forceto…:38 Uncaught ReferenceError: soundManager is not defined(anonymous function) @ ?timestamp=1587434578&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forceto…:38fire @ jquery-1.9.1.js:1037self.fireWith @ jquery-1.9.1.js:1148jQuery.extend.ready @ jquery-1.9.1.js:433completed @ jquery-1.9.1.js:103 instrument.ts:157 POST <a href="https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7" rel="nofollow">https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7</a> 500 ()(anonymous function) @ instrument.ts:157(anonymous function) @ fetch.ts:42n @ syncpromise.ts:30e.sendEvent @ fetch.ts:40n.sendEvent @ basebackend.ts:96(anonymous function) @ baseclient.ts:397e.j.onfulfilled @ syncpromise.ts:103(anonymous function) @ syncpromise.ts:223g @ syncpromise.ts:216j @ syncpromise.ts:204(anonymous function) @ syncpromise.ts:93n @ syncpromise.ts:30n.then @ syncpromise.ts:92(anonymous function) @ baseclient.ts:387n @ syncpromise.ts:30n.on @ baseclient.ts:385n.captureEvent @ baseclient.ts:132n.G @ hub.ts:73n.captureEvent @ hub.ts:218jn.mn.callback @ globalhandlers.ts:103bn @ instrument.ts:101ln.onerror @ instrument.ts:497

For anyone on an old OS that cannot purchase an upgrade at this time, I recommend trying to download xbuntu. I was able to get roll20 past the infinite load by running xbuntu instead of Windows XP on a very old laptop.&nbsp; Alternatively, if you do have some spare cash and are only using your current set-up for simple tasks like web browsing, roll20, etc., there are Acer Chromebooks on ebay for relatively cheap.&nbsp; I got an Acer 11 for $80 including shipping which arrived in 4 days.

I hope this will help resolve the issue at hand <a href="https://app.roll20.net/campaigns/details/6306742" rel="nofollow">https://app.roll20.net/campaigns/details/6306742</a> Web Browser Chrome 81.0.4044.122 Operating System Windows 8.1 (64-bit) Javascript Enabled SD app extension Console Log Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-ZGYzkoqIqsJuC6yk' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-T+pFFwd3B2nzkVl7reED5TizB/Swsykqxv5E9XXxUNQ='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-ZGYzkoqIqsJuC6yk' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-/XHNKTzdVLpPBcMgsOl9LN6PEC5ufZbaLdoU14BWKr0='), or a nonce ('nonce-...') is required to enable inline execution. browser.sentry-cdn.com/5.15.4/bundle.min.js:1 Failed to load resource: net::ERR_CERT_DATE_INVALID /v2/js/jquery.migrate.js:20 JQMIGRATE: Logging is active app.roll20.net/:1 Uncaught ReferenceError: Sentry is not defined &nbsp; &nbsp; at app.roll20.net/:1 loading.js:1 Uncaught ReferenceError: d20ext is not defined &nbsp; &nbsp; at loading.js:1 app.js:547 Uncaught TypeError: Cannot read property 'siteURL' of undefined &nbsp; &nbsp; at app.js:547 &nbsp; &nbsp; at app.js:586

I am having the same issue as above. I am using Firefox and here is the console messages. Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). editor:12:1 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). editor:13:1 This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. editor Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="https://browser.sentry-cdn.com/5.15.4/bundle.min.js" rel="nofollow">https://browser.sentry-cdn.com/5.15.4/bundle.min.js</a>. (Reason: CORS request did not succeed). None of the “sha384” hashes in the integrity attribute match the content of the subresource. editor JQMIGRATE: Logging is active jquery.migrate.js:20:10 ReferenceError: Sentry is not defined startjs:1:1 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 jquery-1.9.1.js:1444:6 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 jquery-1.9.1.js:1450:5 ReferenceError: d20ext is not defined loading.js:1:1 RTCIceServer.url is deprecated! Use urls instead. 3 app.js:278 TypeError: window.d20ext is undefined app.js:547:16942 tuts loaded tutorial_tips.js:7:10 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). inspectlet.js:4:8118

I'm having the same issues. <a href="https://app.roll20.net/campaigns/details/6634554/team-plaguestone" rel="nofollow">https://app.roll20.net/campaigns/details/6634554/team-plaguestone</a> Running on Chrome.&nbsp; Version 81.0.4044.113 (Official Build) (64-bit) No antivirus; no extensions. Emptied the cache. Here's the Console messages: &nbsp; &nbsp; at setMode (app.js?1587756484:547) &nbsp; &nbsp; at HTMLDocument.&lt;anonymous&gt; (app.js?1587756484:552) &nbsp; &nbsp; at fire (jquery-1.9.1.js:1037) &nbsp; &nbsp; at Object.fireWith [as resolveWith] (jquery-1.9.1.js:1148) &nbsp; &nbsp; at Function.ready (jquery-1.9.1.js:433) &nbsp; &nbsp; at HTMLDocument.completed (jquery-1.9.1.js:103) setMode @ app.js?1587756484:547 (anonymous) @ app.js?1587756484:552 fire @ jquery-1.9.1.js:1037 fireWith @ jquery-1.9.1.js:1148 ready @ jquery-1.9.1.js:433 completed @ jquery-1.9.1.js:103 helpers.ts:110 Uncaught TypeError: d20ext.finalPageLoad is not a function &nbsp; &nbsp; at ?timestamp=1587776172&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false:47 &nbsp; &nbsp; at sentryWrapped (helpers.ts:85) (anonymous) @ ?timestamp=1587776172&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false:47 sentryWrapped @ bundle.min.js:2 setTimeout (async) (anonymous) @ bundle.min.js:2 (anonymous) @ ?timestamp=1587776172&amp;disablewebgl=false&amp;forcelongpolling=false&amp;offsite=false&amp;fbdebug=false&amp;forcetouch=false:47 fire @ jquery-1.9.1.js:1037 fireWith @ jquery-1.9.1.js:1148 ready @ jquery-1.9.1.js:433 completed @ jquery-1.9.1.js:103 app.roll20.net/:1 Access to fetch at '<a href="https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7" rel="nofollow">https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7</a>' from origin '<a href="https://app.roll20.net" rel="nofollow">https://app.roll20.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7:1 Failed to load resource: net::ERR_FAILED app.roll20.net/:1 Access to fetch at '<a href="https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7" rel="nofollow">https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7</a>' from origin '<a href="https://app.roll20.net" rel="nofollow">https://app.roll20.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-VjPn1zTlcP8Lzi5X' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-hdDkJYhXkCx8eOe3h9ReHtuFpBTbvOABukwf3FsxaiA='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-VjPn1zTlcP8Lzi5X' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-/XHNKTzdVLpPBcMgsOl9LN6PEC5ufZbaLdoU14BWKr0='), or a nonce ('nonce-...') is required to enable inline execution. jquery.migrate.js:20 JQMIGRATE: Logging is active instrument.ts:129 CAMPAIGN ID: 6634554 instrument.ts:129 70 instrument.ts:129 Custom Sheet Translation instrument.ts:129 TOUCH SUPPORTED: false app.js?1587756484:553 Uncaught TypeError: Cannot read property 'clearColor' of null &nbsp; &nbsp; at new Canvas (app.js?1587756484:553) &nbsp; &nbsp; at app.js?1587756484:557 &nbsp; &nbsp; at app.js?1587756484:559 &nbsp; &nbsp; at app.js?1587756484:586 Canvas @ app.js?1587756484:553 (anonymous) @ app.js?1587756484:557 (anonymous) @ app.js?1587756484:559 (anonymous) @ app.js?1587756484:586 app.js?1587756484:547 Uncaught TypeError: d20.engine.finishCurrentPolygon is not a function sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7:1 Failed to load resource: net::ERR_FAILED app.roll20.net/:1 Access to fetch at '<a href="https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7" rel="nofollow">https://sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7</a>' from origin '<a href="https://app.roll20.net" rel="nofollow">https://app.roll20.net</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. sentry.roll20staging.net/api/10/store/?sentry_key=fe596f386bb14775b58cad9accd672d0&amp;sentry_version=7:1 Failed to load resource: net::ERR_FAILED Thanks, Paul

For those who fixed this issue, how did you do it? A line by line what to do to make this work, then I will be happy.&nbsp; I used to program in COBOL and a little in VB6.0, I am not an expert on web pages or web security. Assume I know nothing and talk me through the repair procedure.&nbsp;

Same here. Running Firefox v75 on windows10. Same for my players using firefox on Mac w/Sierra High operating system. A basic step-by-step workthrough would be a great help.

Got this issue as well, listed below. Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-ybBi54bI0p9CTJJE' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-JWa5QI42CPIQBycVEtGny6rrIrXjDzHY4Uuicevhrik='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-ybBi54bI0p9CTJJE' <a href="http://cdn.inspectlet.com" rel="nofollow">http://cdn.inspectlet.com</a> https://*.googlesyndication.com https://*.doubleclick.net <a href="https://partner.googleadservices.com" rel="nofollow">https://partner.googleadservices.com</a> <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> <a href="https://ssl.google-analytics.com" rel="nofollow">https://ssl.google-analytics.com</a> <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> <a href="https://ajax.googleapis.com" rel="nofollow">https://ajax.googleapis.com</a> <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> <a href="https://d3clqjduf2gvxg.cloudfront.net" rel="nofollow">https://d3clqjduf2gvxg.cloudfront.net</a> <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.firebaseio.com https://*.tokbox.com https://*.opentok.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> <a href="http://www.google-analytics.com" rel="nofollow">http://www.google-analytics.com</a> <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> <a href="https://crowdin.com" rel="nofollow">https://crowdin.com</a> <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a> *.sentry-cdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-/XHNKTzdVLpPBcMgsOl9LN6PEC5ufZbaLdoU14BWKr0='), or a nonce ('nonce-...') is required to enable inline execution.

Should we submit the HAR file in a ticket somewhere? I have mine but its too large to place here.

I have my new computer but I can't download Chrome for it every time I try I am forced to get Microsoft Edge. That's why I didn't want to get a new system because during setup before shooter get the settings that they want rather than getting what you want. 7-Eleven with the edge see if that works and if it doesn't I have no idea what I will do instead. Since I needed a new computer and software anyway I might as well find another virtual tabletop since roll 20 is nothing but hassles these days. $600 dollars and I'm still smashing my head into wall. Thanks for not-a-damned thing.&nbsp;

The $600 solution worked. My new laptop has allowed me access to my games again. At least until Roll20 'upgrades' the system again and leaves me laying beside the road in a piling heap of ... frustration.&nbsp;

All I get is a black screen that says "Roll20. LOADING..." and that's it. Running CHROME, but on an XP computer. I've cleaned the cache. Checked the firewall. Everything else works. It worked once, in March, but not since. I've got it to work on my Android phone and tablet, but playing Battletech that way is super hard with big fingers. I'm not computer literate to tear apart the code and install new stuff.&nbsp;

I too am having the same issue it just says loading with a black screen and nothing then happens. Have tried multiple browsers but no joy.

I'm getting the same issue, had to have one of my friends use screenshare on discord. This was on Microsoft Edge.

I've also had the issue using the app

There is a group of us some having this issue, others not. I'm on Edge in Windows 10. My friend who got straight on is using Linux. Chrome working for another friend Edit - Straight in with Chrome