In development I have a livereload server that runs on the standard port 35729, however this isn't loaded because my policy has script-src 'self'. Is there a way to allow 'self' on all ports?
'localhost:*' also isn't a great solution because on occasions I test the site on our local network so it could be an IP address rather than 'localhost'.
Of course I can just remove this header from development if I need to but I am trying to keep it as close to live as possible.
No. 'self' always restricts you to the site you're in - use it if you're serving your scripts from the same application that your page is in. It's not really intended to allow resources from other processes on the same server.
You can make your sources a config or installation setting. Add localhost:* in your development config and change it to the specific resourceserver:35729 in your LAN testing environment.
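The per-environment source list suggested in this answer, as an added example that is not part of the original post. The names `CSP_SOURCES`, `buildScriptSrc` and `allows` and the environment keys are hypothetical, and `allows` is a simplified model of CSP source matching (exact origin for 'self', host plus port or `*` for host sources), not a browser's full algorithm.

```javascript
// Extra script sources per environment; production stays at 'self' only.
const CSP_SOURCES = {
  production: [],
  development: ['localhost:*'],      // any port on localhost
  lan: ['resourceserver:35729'],     // the specific livereload host on the LAN
};

// Build the script-src directive for one environment.
function buildScriptSrc(env) {
  if (!Object.prototype.hasOwnProperty.call(CSP_SOURCES, env)) {
    throw new Error(`unknown environment: ${env}`);
  }
  return ['script-src', "'self'", ...CSP_SOURCES[env]].join(' ');
}

const defaultPort = (protocol) => (protocol === 'https:' ? '443' : '80');

// Simplified check: would this directive let pageUrl load scriptUrl?
function allows(directive, pageUrl, scriptUrl) {
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  return directive.split(/\s+/).slice(1).some((src) => {
    // 'self' means the page's own origin: scheme, host AND port must match.
    if (src === "'self'") return script.origin === page.origin;
    const m = /^([^:\/]+)(?::(\*|\d+))?$/.exec(src);
    if (!m || script.protocol !== page.protocol) return false;
    const [, host, port] = m;
    if (script.hostname !== host) return false;
    if (port === '*') return true;
    const wanted = port || defaultPort(script.protocol);
    return (script.port || defaultPort(script.protocol)) === wanted;
  });
}

// Constructed sample URLs: the page is served on port 8080, livereload on 35729.
const page = 'http://localhost:8080/';
const livereload = 'http://localhost:35729/livereload.js';
console.log(allows(buildScriptSrc('production'), page, livereload));  // blocked
console.log(allows(buildScriptSrc('development'), page, livereload)); // allowed
```

The same check shows the LAN case from the question: with the page opened by IP address, the development directive no longer matches, which is why the LAN environment gets its own explicit host and port.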