From 9619d767d11744abcc929c7d3890dfa1a2a59224 Mon Sep 17 00:00:00 2001
From: Nick Retel
Date: Sat, 16 Aug 2025 10:26:54 +0200
Subject: [PATCH] Add support for Vite CSP nonce Boost Browserlogger won't work when CSP is enabled with a Vite provided nonce. This commit adds the Vite nonce when its detected. Boost is meant for local development and CSP is often applied in production only. Yet for testing purposes CSP can be applied in the local environment as well, making it useful for Boost to support CSP nonces as well.
---
 src/Services/BrowserLogger.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/Services/BrowserLogger.php b/src/Services/BrowserLogger.php
index 1993b60..ea62b6b 100644
--- a/src/Services/BrowserLogger.php
+++ b/src/Services/BrowserLogger.php
@@ -5,6 +5,7 @@
 namespace Laravel\Boost\Services;
 use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Facades\Vite;
 class BrowserLogger
 {
@@ -14,8 +15,18 @@ public static function getScript(): string
 ? route('boost.browser-logs')
 : '/_boost/browser-logs';
+ $attributes = ['id' => 'browser-logger-active'];
+
+ if ($nonce = Vite::cspNonce()) {
+ $attributes['nonce'] = $nonce;
+ }
+
+ $scriptAttributes = collect($attributes)
+ ->map(fn ($value, $key) => sprintf('%s="%s"', $key, $value))
+ ->implode(' ');
+
 return <<
+
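Review bot: The `->map(...)` line in the second hunk builds each attribute with `sprintf('%s="%s"', $key, $value)` and no HTML escaping, so a nonce value containing `"` or `>` would end the attribute early in the injected `<script>` tag. `Vite::cspNonce()` normally returns a framework-generated string, but an application can supply its own value through `Vite::useCspNonce()`, so I would escape where the markup is assembled: `->map(fn ($value, $key) => sprintf('%s="%s"', $key, e($value)))`. The heredoc that consumes `$scriptAttributes` is cut off in this view and `getScript()` begins above the hunk, so this assumes the string is interpolated into the tag unchanged.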