Update SecurityHeadersDefinitions

content/BlazorBffAzureAD/Server/SecurityHeadersDefinitions.cs

@@ -12,7 +12,7 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
             .AddReferrerPolicyStrictOriginWhenCrossOrigin()
             .AddCrossOriginOpenerPolicy(builder => builder.SameOrigin())
             .AddCrossOriginResourcePolicy(builder => builder.SameOrigin())
-            .AddCrossOriginEmbedderPolicy(builder => builder.RequireCorp()) // remove for dev if using hot reload
+            .AddCrossOriginEmbedderPolicy(builder => builder.RequireCorp())
             .AddContentSecurityPolicy(builder =>
             {
                 builder.AddObjectSrc().None();
@@ -26,12 +26,9 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 
                 // due to Blazor
                 builder.AddScriptSrc()
-                    .Self()
+                    // .Self() Add this if you want to use the visual studio debugging tools
                     .WithNonce()
                     .UnsafeEval();
-
-                // disable script and style CSP protection if using Blazor hot reload
-                // if using hot reload, DO NOT deploy with an insecure CSP
             })
             .RemoveServerHeader()
             .AddPermissionsPolicy(builder =>