Closed
Description
There is no way to use a nonce content security policy, since the `Coderello\SharedData\SharedData::render()` method returns `<script>` with no way to inject additional data.
```php
public function render(): string
{
    return '<script>'
        .'window["'.$this->getJsNamespace().'"]='.$this->toJson().';'
        .'window["sharedDataNamespace"]="'.$this->getJsNamespace().'";'
        .($this->getJsHelperEnabled() ? $this->getJsHelper().';' : '')
        .'</script>';
}
```
I think either the class constructor or the render method could accept a nonce value.
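One way the request could be met, as an added example that is not the package's own code: a hypothetical `NonceAwareSharedData` class that accepts a nonce in either place the issue suggests and prints the matching `script-src` value. The class name, `put()`, the nonce parameters and the default namespace are assumptions; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical stand-in, NOT the coderello/laravel-shared-data API.
final class NonceAwareSharedData
{
    private array $data = [];

    public function __construct(
        private string $jsNamespace = 'sharedData', // assumed default namespace
        private ?string $nonce = null
    ) {}

    public function put(string $key, mixed $value): self
    {
        $this->data[$key] = $value;
        return $this;
    }

    // A nonce passed to render() overrides the one given to the constructor.
    public function render(?string $nonce = null): string
    {
        $nonce ??= $this->nonce;
        $attr = $nonce === null
            ? ''
            : ' nonce="' . htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8') . '"';

        // JSON_HEX_* flags stop "</script>" or "<!--" inside the data from closing the element.
        $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
        $ns = json_encode($this->jsNamespace, $flags);

        return '<script' . $attr . '>'
            . 'window[' . $ns . ']=' . json_encode($this->data, $flags) . ';'
            . 'window["sharedDataNamespace"]=' . $ns . ';'
            . '</script>';
    }
}

// One fresh, unpredictable nonce per response, shared by the header and the tag.
$nonce = base64_encode(random_bytes(16));
$csp = "script-src 'nonce-{$nonce}'"; // value for the Content-Security-Policy header

$shared = (new NonceAwareSharedData(nonce: $nonce))
    ->put('user', ['name' => 'a</script>b']); // constructed sample value

echo $csp, PHP_EOL, $shared->render(), PHP_EOL;
```

The nonce must be regenerated for every response; a value reused across responses or cached with the page gives no protection.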