From b2b8bca9ea5b9aab815491629c97778e6e15c3c3 Mon Sep 17 00:00:00 2001
From: "Edward Tirado Jr." <ed@etdevelopment.net>
Date: Sun, 14 Dec 2025 23:20:26 -0600
Subject: [PATCH] nonce fix

---
 app/Http/Middleware/AddContentSecurityPolicy.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/Http/Middleware/AddContentSecurityPolicy.php b/app/Http/Middleware/AddContentSecurityPolicy.php
index 8c911a5..b97f455 100644
--- a/app/Http/Middleware/AddContentSecurityPolicy.php
+++ b/app/Http/Middleware/AddContentSecurityPolicy.php
@@ -24,9 +24,8 @@ class AddContentSecurityPolicy
                    "style-src 'self' 'unsafe-inline' http: https:; " .
                    "connect-src 'self' ws: http: https:;";
         } else {
-            // Production CSP - Livewire v3 requires unsafe-eval and nonce for inline scripts
-            $nonce = csp_nonce();
-            $csp = "script-src 'self' 'unsafe-eval' 'nonce-{$nonce}' https:; " .
+            // Production CSP - Livewire v3 requires unsafe-eval and unsafe-inline
+            $csp = "script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; " .
                    "style-src 'self' 'unsafe-inline' https:; " .
                    "connect-src 'self' https:;";
         }