fix refresh bug

damienbod · Feb 1, 2024 · c28a382 · c28a382
1 parent 18b65fb
commit c28a382
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/content/BlazorBffAzureAD/Client/BlazorBffAzureAD.Client.csproj b/content/BlazorBffAzureAD/Client/BlazorBffAzureAD.Client.csproj
@@ -8,10 +8,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="8.0.0" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="8.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="8.0.1" PrivateAssets="all" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="8.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="8.0.1" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/content/BlazorBffAzureAD/Server/SecurityHeadersDefinitions.cs b/content/BlazorBffAzureAD/Server/SecurityHeadersDefinitions.cs
@@ -26,9 +26,12 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 
                 // due to Blazor
                 builder.AddScriptSrc()
-                    // .Self() Add this if you want to use the visual studio debugging tools
+                    .WithHash256("sha256-wTSw2ZoYOVpX8Sl5cEiYcCF8ddvCbjJhiX+oYQqD1s4=")
                     .WithNonce()
-                    .UnsafeEval();
+                    .UnsafeEval() // due to Blazor WASM
+                    .StrictDynamic()
+                    .UnsafeInline(); // only a fallback for older browsers when the nonce is used 
+
             })
             .RemoveServerHeader()
             .AddPermissionsPolicy(builder =>