From 8167c3a3e785f11926cde52b48813110fcdf0875 Mon Sep 17 00:00:00 2001
From: "Edward Tirado Jr."
Date: Sun, 14 Dec 2025 23:17:17 -0600
Subject: [PATCH] nonce updates for livewire
---
 app/Http/Middleware/AddContentSecurityPolicy.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/Http/Middleware/AddContentSecurityPolicy.php b/app/Http/Middleware/AddContentSecurityPolicy.php
index 92be6a6..8c911a5 100644
--- a/app/Http/Middleware/AddContentSecurityPolicy.php
+++ b/app/Http/Middleware/AddContentSecurityPolicy.php
@@ -24,8 +24,9 @@ class AddContentSecurityPolicy
 "style-src 'self' 'unsafe-inline' http: https:; " .
 "connect-src 'self' ws: http: https:;";
 } else {
- // Production CSP - Livewire v3 requires unsafe-eval
- $csp = "script-src 'self' 'unsafe-eval' https:; " .
+ // Production CSP - Livewire v3 requires unsafe-eval and nonce for inline scripts
+ $nonce = csp_nonce();
+ $csp = "script-src 'self' 'unsafe-eval' 'nonce-{$nonce}' https:; " .
 "style-src 'self' 'unsafe-inline' https:; " .
 "connect-src 'self' https:;";
 }
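Review bot: In the production branch, `script-src` still carries the `https:` scheme source next to the new `'nonce-{$nonce}'`, so a script served from any HTTPS host remains allowed whether or not it has the nonce; the nonce only adds permission for tagged inline scripts and does not narrow the policy. Consider replacing `https:` with the specific origins the app loads scripts from, e.g. `$csp = "script-src 'self' 'unsafe-eval' 'nonce-{$nonce}'; " .` plus any required hosts, and adding `base-uri 'self'; object-src 'none';`, since the visible policy string sets neither. `csp_nonce()` is defined outside this hunk: it needs to return a fresh unpredictable value per request, and that same value has to be what Livewire and the Blade templates emit in their `nonce` attributes, otherwise the inline scripts will be blocked; responses carrying the header should also not be served from a shared cache. The enclosing method and the `if` branch begin above the hunk, so how `$csp` is applied to the response is not visible here.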