Content Security Policy?
Here's the line of code I added to .htaccess: Header set Content-Security-Policy "default-src https:"
I have Photo Album module that I've configured with the Slideshow content action and the Default content display.
When I have the above Content Security Policy active, the slidshow doesn't appear. Once comment out the Content Security Policy from .htaccess, the slideshow appears. I think the reason the slideshow doesn't appear is because it uses an inline script. I know that I could add 'unsafe-inline' but that won't provide any XSS protection.
How can I have the inline script and still have XSS protection?