Scott Hanselman's Blog

.NET 6 Hot Reload and "Refused to connect to ws: because it violates the Content Security Policy directive" because Web Sockets

Using Hot Reload in an ASP.NET Core application that sends Content-Security-Policy (CSP) headers requires understanding those headers. DasBlog uses the NWebsec library to configure CSP headers. By default, the CSP headers restrict connections to 'self', which blocks communication with Hot Reload. To enable Hot Reload in development, explicitly allow WebSocket connections to the development server in the CSP header, for example "connect-src wss://localhost:62895". CSP headers should be configured differently for development and production, so that the production policy stays strict while development tools like Hot Reload keep working. Know which headers each environment needs in order to balance security against development convenience.
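An added example (not code from the original post or from DasBlog) of keeping the development and production policies separate in a .NET 6 app. It sets the header with plain middleware rather than through NWebsec; the `HotReload:WebSocketOrigin` setting and the `CspPolicy` class are hypothetical names, and the fallback origin is the value quoted above.

```csharp
// Program.cs for a .NET 6 web project (implicit usings enabled).
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Assumption: the Hot Reload socket origin comes from a hypothetical
// "HotReload:WebSocketOrigin" setting; the fallback is the page's example value.
var hotReloadOrigin = builder.Configuration["HotReload:WebSocketOrigin"]
                      ?? "wss://localhost:62895";

// Build the policy once at startup so a bad setting fails fast.
var csp = CspPolicy.Build(app.Environment.IsDevelopment(), hotReloadOrigin);

app.Use(async (context, next) =>
{
    context.Response.Headers["Content-Security-Policy"] = csp;
    await next(context);
});

app.MapGet("/", () => "ok");
app.Run();

static class CspPolicy
{
    public static string Build(bool isDevelopment, string hotReloadOrigin)
    {
        // Production: connections are limited to the site's own origin.
        var connect = new List<string> { "'self'" };

        if (isDevelopment)
        {
            // Development only: add the Hot Reload socket, and refuse anything
            // that is not a ws/wss URL on the loopback interface.
            if (!Uri.TryCreate(hotReloadOrigin, UriKind.Absolute, out var uri)
                || (uri.Scheme != "ws" && uri.Scheme != "wss")
                || !uri.IsLoopback)
            {
                throw new InvalidOperationException(
                    $"Refusing CSP connect-src entry '{hotReloadOrigin}': " +
                    "expected a ws:// or wss:// loopback origin.");
            }
            connect.Add($"{uri.Scheme}://{uri.Host}:{uri.Port}");
        }

        return $"default-src 'self'; connect-src {string.Join(' ', connect)}";
    }
}
```

In Development this sends `connect-src 'self' wss://localhost:62895`; in any other environment the header carries only `'self'`, so the localhost exception cannot reach production through configuration drift.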
feeds.hanselman.com