undid nonce changes

app/Http/Middleware/AddContentSecurityPolicy.php

@@ -15,13 +15,6 @@ class AddContentSecurityPolicy
      */
     public function handle(Request $request, Closure $next): Response
     {
-        // Generate a random nonce for this request
-        $nonce = base64_encode(random_bytes(16));
-
-        // Store nonce in request attributes so Livewire can access it
-        $request->attributes->set('csp-nonce', $nonce);
-
-        // Get the response
         $response = $next($request);
 
         // Build CSP header
@@ -31,12 +24,10 @@ class AddContentSecurityPolicy
                    "style-src 'self' 'unsafe-inline' http: https:; " .
                    "connect-src 'self' ws: http: https:;";
         } else {
-            // Strict CSP for production with nonces
+            // Production CSP - Livewire v3 requires unsafe-eval
-            $scriptSrc = "'self' 'nonce-{$nonce}' https:";
+            $csp = "script-src 'self' 'unsafe-eval' https:; " .
-            $styleSrc = "'self' 'unsafe-inline' https:";
+                   "style-src 'self' 'unsafe-inline' https:; " .
-            $connectSrc = "'self' https:";
+                   "connect-src 'self' https:;";
-
-            $csp = "script-src {$scriptSrc}; style-src {$styleSrc}; connect-src {$connectSrc};";
         }
 
         $response->headers->set('Content-Security-Policy', $csp);

resources/views/components/layouts/app.blade.php

@@ -6,7 +6,7 @@
     <x-header/>
     {{ $slot }}
 </div>
-@livewireScriptConfig(['nonce' => request()->attributes->get('csp-nonce')])
+@livewireScriptConfig
 </body>
 </html>
 

resources/views/components/layouts/auth.blade.php

@@ -3,6 +3,6 @@
 <x-head/>
 <body class="bg-blue-600">
 {{ $slot }}
-@livewireScriptConfig(['nonce' => request()->attributes->get('csp-nonce')])
+@livewireScripts
 </body>
 </html>