Add support for Vite CSP nonce

Boost Browserlogger won't work when CSP is enabled with a Vite provided nonce. This commit adds the Vite nonce when its detected.

Boost is meant for local development and CSP is often applied in production only. Yet for testing purposes CSP can be applied in the local environment as well, making it useful for Boost to support CSP nonces as well.

Author: nckrtl

src/Services/BrowserLogger.php

@@ -5,6 +5,7 @@
 namespace Laravel\Boost\Services;
 
 use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Facades\Vite;
 
 class BrowserLogger
 {
@@ -14,8 +15,18 @@ public static function getScript(): string
             ? route('boost.browser-logs')
             : '/_boost/browser-logs';
 
+        $attributes = ['id' => 'browser-logger-active'];
+
+        if ($nonce = Vite::cspNonce()) {
+            $attributes['nonce'] = $nonce;
+        }
+
+        $scriptAttributes = collect($attributes)
+            ->map(fn ($value, $key) => sprintf('%s="%s"', $key, $value))
+            ->implode(' ');
+
         return <<<HTML
-<script id="browser-logger-active">
+<script {$scriptAttributes}>
 (function() {
     const ENDPOINT = '{$endpoint}';
     const logQueue = [];