Merge branch 'dev'

BlazorBffOpenIdConnect/Server/SecurityHeadersDefinitions.cs

@@ -26,9 +26,12 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 
                 // due to Blazor
                 builder.AddScriptSrc()
-                    // .Self() Add this if you want to use the visual studio debugging tools
-                    .WithNonce()
-                    .UnsafeEval();
+                   .WithHash256("sha256-wTSw2ZoYOVpX8Sl5cEiYcCF8ddvCbjJhiX+oYQqD1s4=")
+                   .WithNonce()
+                   .UnsafeEval() // due to Blazor WASM
+                   .StrictDynamic()
+                   .UnsafeInline(); // only a fallback for older browsers when the nonce is used 
+
             })
             .RemoveServerHeader()
             .AddPermissionsPolicy(builder =>

Changelog.md

@@ -2,6 +2,8 @@
 
 [Readme](https://github.com/damienbod/Blazor.BFF.OpenIDConnect.Template/blob/main/README.md) 
 
+**2024-02-01** 3.0.3
+- Fix refresh bug
 
 **2024-01-14** 3.0.2
 - Improve CSP, using nonce

README.md

@@ -61,15 +61,15 @@ dotnet new -u Blazor.BFF.OpenIDConnect.Template
 https://docs.microsoft.com/en-us/dotnet/core/tutorials/create-custom-template
 
 ```
-dotnet pack -o ./publish -c Release -p:PackageVersion=3.0.1 --no-build
+dotnet pack -o ./publish -c Release -p:PackageVersion=3.0.3 --no-build
 ```
 
 ### install developement
 
 Locally built nupkg:
 
 ```
-dotnet new -i Blazor.BFF.OpenIDConnect.Template.3.0.1.nupkg
+dotnet new -i Blazor.BFF.OpenIDConnect.Template.3.0.3.nupkg
 ```
 
 Local folder: