From 9dff13e903af7d8cd7833396a68337958c036bd9 Mon Sep 17 00:00:00 2001
From: Peter Zhu <peter.zhu@amplitude.com>
Date: Thu, 8 May 2025 11:17:42 -0700
Subject: [PATCH] fix: add nonce

---
 packages/experiment-tag/src/messenger.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/packages/experiment-tag/src/messenger.ts b/packages/experiment-tag/src/messenger.ts
index 02261293..b933cc1f 100644
--- a/packages/experiment-tag/src/messenger.ts
+++ b/packages/experiment-tag/src/messenger.ts
@@ -49,6 +49,18 @@ export const asyncLoadScript = (url: string) => {
       scriptElement.type = 'text/javascript';
       scriptElement.async = true;
       scriptElement.src = url;
+      // Set the script nonce if it exists
+      // This is useful for CSP (Content Security Policy) to allow the script to be loaded
+      const nonceElem = document.querySelector('[nonce]');
+      if (nonceElem) {
+        scriptElement.setAttribute(
+          'nonce',
+          nonceElem['nonce'] ||
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            (nonceElem as any).nonce ||
+            nonceElem.getAttribute('nonce'),
+        );
+      }
       scriptElement.addEventListener(
         'load',
         () => {