Added csp option on default script tag

README.md

@@ -439,6 +439,29 @@ $factors['years'] = [365, 'dayz'];
 
 More information on CarbonInterval's gotchas in [Constantin's blog post on chasingcode.dev](https://chasingcode.dev/blog/carbon-php-practical-examples/).
 
+### Content Security Policy
+
+This package supports CSP nonces for secure script loading. Pass your nonce to the @cookieconsentscripts directive:
+
+```blade
+{{-- Basic usage with nonce --}}
+@cookieconsentscripts($yourNonce)
+
+{{-- Example with Spatie Laravel CSP --}}
+@cookieconsentscripts(app('csp-nonce'))
+
+{{-- Without CSP --}}
+@cookieconsentscripts
+```
+
+How It Works
+
+When you provide a nonce, it's added to the script tag:
+
+```html
+<script src="/cookie-consent-script" nonce="your-nonce-here" defer></script>
+```
+
 ### Let your users change their mind
 
 Users should be able to change their consent settings at any time. No worries, with this package it is quite simple to achieve: generate a button that will reset the user's cookies and show the consent modal again.

src/CookiesManager.php

@@ -167,11 +167,11 @@ protected function makeConsentCookie(): CookieComponent
     /**
      * Output all the scripts for current consent state.
      */
-    public function renderScripts(bool $withDefault = true): string
+    public function renderScripts(bool $withDefault = true, ?string $nonce = null): string
     {
         $output = $this->shouldDisplayNotice()
-            ? $this->getNoticeScripts($withDefault)
-            : $this->getConsentedScripts($withDefault);
+            ? $this->getNoticeScripts($withDefault, $nonce)
+            : $this->getConsentedScripts($withDefault, $nonce);
 
         if(strlen($output)) {
             $output = '<!-- Cookie Consent -->' . $output;
@@ -180,14 +180,14 @@ public function renderScripts(bool $withDefault = true): string
         return $output;
     }
 
-    public function getNoticeScripts(bool $withDefault): string
+    public function getNoticeScripts(bool $withDefault, ?string $nonce = null): string
     {
-        return $withDefault ? $this->getDefaultScriptTag() : '';
+        return $withDefault ? $this->getDefaultScriptTag($nonce) : '';
     }
 
-    protected function getConsentedScripts(bool $withDefault): string
+    protected function getConsentedScripts(bool $withDefault, ?string $nonce = null): string
     {
-        $output = $this->getNoticeScripts($withDefault);
+        $output = $this->getNoticeScripts($withDefault, $nonce);
 
         foreach ($this->getConsentResponse()->getResponseScripts() ?? [] as $tag) {
             $output .= $tag;
@@ -196,11 +196,12 @@ protected function getConsentedScripts(bool $withDefault): string
         return $output;
     }
 
-    protected function getDefaultScriptTag(): string
+    protected function getDefaultScriptTag(?string $nonce = null): string
     {
         return '<script '
             . 'src="' . route('cookieconsent.script') . '?id='
-            . md5(\filemtime(LCC_ROOT . '/dist/script.js')) . '" '
+            .  md5(\filemtime(LCC_ROOT . '/dist/script.js')) . '" '
+            . ($nonce ? 'nonce="' . $nonce . '" ' : '')
             . 'defer'
             . '></script>';
     }

src/ServiceProvider.php

@@ -64,9 +64,8 @@ public function boot()
     protected function registerBladeDirectives()
     {
         Blade::directive('cookieconsentscripts', function (string $expression) {
-            return '<?php echo ' . Facades\Cookies::class . '::renderScripts(' . $expression . '); ?>';
+            return '<?php echo ' . Facades\Cookies::class . '::renderScripts(!empty($expression) ? true, ' . $expression . ' : ""); ?>';
         });
-
         Blade::directive('cookieconsentview', function (string $expression) {
             return '<?php echo ' . Facades\Cookies::class . '::renderView(); ?>';
         });