From 9db980d326b0ff531e86abb66b7dc33b314591a7 Mon Sep 17 00:00:00 2001
From: damienbod
Date: Fri, 2 Feb 2024 06:55:14 +0100
Subject: [PATCH] Update SecurityHeadersDefinitions.cs
---
 .../Server/SecurityHeadersDefinitions.cs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs b/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs
index afecdff..12432bd 100644
--- a/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs
+++ b/BlazorBff/BlazorAzureAdBff/Server/SecurityHeadersDefinitions.cs
@@ -26,9 +26,12 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 // due to Blazor
 builder.AddScriptSrc()
- // .Self() Add this if you want to use the visual studio debugging tools
- .WithNonce()
- .UnsafeEval();
+ .WithHash256("sha256-wTSw2ZoYOVpX8Sl5cEiYcCF8ddvCbjJhiX+oYQqD1s4=")
+ .WithNonce()
+ .UnsafeEval() // due to Blazor WASM
+ .StrictDynamic()
+ .UnsafeInline(); // only a fallback for older browsers when the nonce is used
+
 })
 .RemoveServerHeader()
 .AddPermissionsPolicy(builder =>
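Review bot: The added `.WithHash256(...)` line pins one inline script by hash but does not say which script the value belongs to, so when that script changes the browser will block it and nobody will know where to recompute the hash; a comment such as `// hash of inline script <SCRIPT NAME - fill in>; recompute when it changes` would cover that. It is also worth checking the rendered `Content-Security-Policy` header to confirm the source is emitted as a single `'sha256-…'` token: if the helper prepends the algorithm name itself, an argument that already starts with `sha256-` would produce a token that never matches. `.UnsafeEval()` remains the weakest part of the policy, because it allows string-to-code evaluation for every script admitted by the nonce or by `'strict-dynamic'`; if the Blazor runtime in use accepts the narrower CSP keyword `'wasm-unsafe-eval'`, that is the better choice. The comment on `.UnsafeInline()` is accurate for browsers that honour nonces and hashes, but browsers that do not will run any inline script, which deserves a word in the comment. GetHeaderPolicyCollection begins and ends outside this hunk.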