Add nonce's to script and style tags for content security policy

[gmgarrison]

Love the package but it's become unusable for me since having to implement a content security policy. Is there any way you add a config setting to add {{ csp_nonce() }} into the <script> and <style> tags?

[arukompas]

hey @gmgarrison , have you tried publishing the Log Viewer layout?

php artisan vendor:publish --tag=log-viewer-views

this way you can update the layout and add the nonces or other scripts yourself.

[gmgarrison]

Ahh! Good idea! I ran that command but I only get an img folder and app.css and app.js files. I have to confess that I don't really know where to try to the nonce generation. Any easy ideas?

[arukompas]

hey @gmgarrison , not sure where you're looking for it, but after running the command I get the file exported to resources/views/vendor/log-viewer/index.blade.php

As for how to include the nonce, I'm not experienced in that. All I know is that there's a Spatie package for it 😄

[gmgarrison]

Okay, got it!

There were 2 steps:

1. In the published index.blade.php, add nonce="{{ csp_nonce() }}" inside the <script> tag.
2. Add Keyword::UNSAFE_EVAL to the script directive of the content security policy

I appreciate your help!! Now back to log viewing! :)