feat: Add CSP nonce support for @paddlejs directive (#297)

sgasser · web-flow · commit 8dba92d81eb9 · 2025-05-08T07:29:35.000-07:00
diff --git a/resources/views/js.blade.php b/resources/views/js.blade.php
@@ -13,16 +13,18 @@
 if (isset($seller['pwAuth']) && Auth::check() && $customer = Auth::user()->customer) {
     $seller['pwCustomer'] = ['id' => $customer->paddle_id];
 }
+
+$nonce = $nonce ?? '';
 ?>
 
-<script src="https://cdn.paddle.com/paddle/v2/paddle.js"></script>
+<script src="https://cdn.paddle.com/paddle/v2/paddle.js" @if ($nonce) nonce="{{ $nonce }}" @endif></script>
 
 @if (config('cashier.sandbox'))
-    <script type="text/javascript">
+    <script type="text/javascript" @if ($nonce) nonce="{{ $nonce }}" @endif>
         Paddle.Environment.set('sandbox');
     </script>
 @endif
 
-<script type="text/javascript">
+<script type="text/javascript" @if ($nonce) nonce="{{ $nonce }}" @endif>
     Paddle.Initialize(@json($seller));
 </script>
diff --git a/src/CashierServiceProvider.php b/src/CashierServiceProvider.php
@@ -93,8 +93,8 @@ protected function bootPublishing()
      */
     protected function bootDirectives()
     {
-        Blade::directive('paddleJS', function () {
-            return "<?php echo view('cashier::js'); ?>";
+        Blade::directive('paddleJS', function ($expression) {
+            return "<?php echo view('cashier::js', ['nonce' => {$expression}['nonce'] ?? '']); ?>";
         });
     }
 

Original file line number	Diff line number	Diff line change
`@@ -93,8 +93,8 @@ protected function bootPublishing()`
`93`	`93`	`*/`
`94`	`94`	`protected function bootDirectives()`
`95`	`95`	`{`
`96`		`- Blade::directive('paddleJS', function () {`
`97`		`- return "<?php echo view('cashier::js'); ?>";`
	`96`	`+ Blade::directive('paddleJS', function ($expression) {`
	`97`	`+ return "<?php echo view('cashier::js', ['nonce' => {$expression}['nonce'] ?? '']); ?>";`
`98`	`98`	`});`
`99`	`99`	`}`
`100`	`100`