diff --git a/README.md b/README.md
index 76d1423..3774d80 100644
--- a/README.md
+++ b/README.md
@@ -439,6 +439,29 @@ $factors['years'] = [365, 'dayz'];
More information on CarbonInterval's gotchas in [Constantin's blog post on chasingcode.dev](https://chasingcode.dev/blog/carbon-php-practical-examples/).
+### Content Security Policy
+
+This package supports CSP nonces for secure script loading. Pass your nonce to the @cookieconsentscripts directive:
+
+```blade
+{{-- Basic usage with nonce --}}
+@cookieconsentscripts($yourNonce)
+
+{{-- Example with Spatie Laravel CSP --}}
+@cookieconsentscripts(app('csp-nonce'))
+
+{{-- Without CSP --}}
+@cookieconsentscripts
+```
+
+How It Works
+
+When you provide a nonce, it's added to the script tag:
+
+```html
+
+```
+
### Let your users change their mind
Users should be able to change their consent settings at any time. No worries, with this package it is quite simple to achieve: generate a button that will reset the user's cookies and show the consent modal again.
diff --git a/src/CookiesManager.php b/src/CookiesManager.php
index 58b387c..c0b3c0f 100644
--- a/src/CookiesManager.php
+++ b/src/CookiesManager.php
@@ -167,11 +167,11 @@ protected function makeConsentCookie(): CookieComponent
/**
* Output all the scripts for current consent state.
*/
- public function renderScripts(bool $withDefault = true): string
+ public function renderScripts(bool $withDefault = true, ?string $nonce = null): string
{
$output = $this->shouldDisplayNotice()
- ? $this->getNoticeScripts($withDefault)
- : $this->getConsentedScripts($withDefault);
+ ? $this->getNoticeScripts($withDefault, $nonce)
+ : $this->getConsentedScripts($withDefault, $nonce);
if(strlen($output)) {
$output = '' . $output;
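Review bot: The docblock above `renderScripts()` still only says "Output all the scripts for current consent state." and does not describe the new `$nonce` parameter. I would add `@param string|null $nonce CSP nonce for the default script tag; must be the same per-response value sent in the Content-Security-Policy header.` What `null` produces should also be stated there, but only once it is confirmed against `getDefaultScriptTag()`, whose markup is not readable on this page. The body of `renderScripts()` continues past this hunk.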
@@ -180,14 +180,14 @@ public function renderScripts(bool $withDefault = true): string
return $output;
}
- public function getNoticeScripts(bool $withDefault): string
+ public function getNoticeScripts(bool $withDefault, ?string $nonce = null): string
{
- return $withDefault ? $this->getDefaultScriptTag() : '';
+ return $withDefault ? $this->getDefaultScriptTag($nonce) : '';
}
- protected function getConsentedScripts(bool $withDefault): string
+ protected function getConsentedScripts(bool $withDefault, ?string $nonce = null): string
{
- $output = $this->getNoticeScripts($withDefault);
+ $output = $this->getNoticeScripts($withDefault, $nonce);
foreach ($this->getConsentResponse()->getResponseScripts() ?? [] as $tag) {
$output .= $tag;
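Review bot: The `$tag` values from `getResponseScripts()` are appended unchanged in the `foreach`, so only the default tag reached through `getNoticeScripts($withDefault, $nonce)` can carry the nonce. Under a nonce-based `script-src` policy the consented scripts would presumably be blocked by the browser, unless those tags already carry a nonce or are allowed by another source expression. Either thread `$nonce` into how the response tags are rendered, or state in the README section that the nonce applies to the package's default script only. `getConsentedScripts()` continues outside this hunk.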
@@ -196,11 +196,12 @@ protected function getConsentedScripts(bool $withDefault): string
return $output;
}
- protected function getDefaultScriptTag(): string
+ protected function getDefaultScriptTag(?string $nonce = null): string
{
return '';
}
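Review bot: The `return` line of `getDefaultScriptTag()` is not readable on this page, so please confirm that `$nonce` is HTML-escaped before it is written into the `nonce` attribute, for example `e($nonce)`, and that no attribute is emitted when it is `null`. The value arrives from a Blade directive argument, so this method should not assume it is attribute-safe. Separately, adding a parameter to this protected method, and to `getConsentedScripts()` and the public `getNoticeScripts()` in the previous hunk, makes any subclass that overrides them with the old signature fail with an incompatible-declaration error. That deserves a changelog or upgrade note.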
diff --git a/src/ServiceProvider.php b/src/ServiceProvider.php
index c8fd666..5c68730 100644
--- a/src/ServiceProvider.php
+++ b/src/ServiceProvider.php
@@ -64,9 +64,8 @@ public function boot()
protected function registerBladeDirectives()
{
Blade::directive('cookieconsentscripts', function (string $expression) {
- return '';
+ return '';
});
-
Blade::directive('cookieconsentview', function (string $expression) {
return '';
});
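Review bot: The compiled string returned by the `cookieconsentscripts` directive is not readable on this page, so the empty-argument case needs confirming. The README documents a bare `@cookieconsentscripts`, for which `$expression` is an empty string, and the generated PHP has to stay valid and pass `null` as the nonce in that case. A test that compiles the directive both with and without an argument would pin this down. The hunk also drops the blank line between the two `Blade::directive()` calls, which looks unintentional.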