From 2fe799ec5ab7c11a21b0d49721a46d8f9338ceec Mon Sep 17 00:00:00 2001
From: "Barry vd. Heuvel"
Date: Tue, 3 Mar 2020 13:40:12 +0100
Subject: [PATCH 1/3] Add CSP header if available
---
 src/JavascriptRenderer.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/JavascriptRenderer.php b/src/JavascriptRenderer.php
index df4423258..7349eee15 100644
--- a/src/JavascriptRenderer.php
+++ b/src/JavascriptRenderer.php
@@ -12,10 +12,11 @@ class JavascriptRenderer extends BaseJavascriptRenderer
 // Use XHR handler by default, instead of jQuery
 protected $ajaxHandlerBindToJquery = false;
 protected $ajaxHandlerBindToXHR = true;
+ protected $cspNonce;
- public function __construct(DebugBar $debugBar, $baseUrl = null, $basePath = null)
+ public function __construct(DebugBar $debugBar, $baseUrl = null, $basePath = null, $cspNonce = null)
 {
- parent::__construct($debugBar, $baseUrl, $basePath);
+ parent::__construct($debugBar, $baseUrl, $basePath, $cspNonce);
 $this->cssFiles['laravel'] = __DIR__ . '/Resources/laravel-debugbar.css';
 $this->cssVendors['fontawesome'] = __DIR__ . '/Resources/vendor/font-awesome/style.css';
@@ -50,11 +51,13 @@ public function renderHead()
 $cssRoute = preg_replace('/\Ahttps?:/', '', $cssRoute);
 $jsRoute = preg_replace('/\Ahttps?:/', '', $jsRoute);
+ $nonce = $this->getNonceAttribute();
+
 $html = "";
 $html .= "";
 if ($this->isJqueryNoConflictEnabled()) {
- $html .= '' . "\n";
+ $html .= '' . "\n";
 }
 $html .= $this->getInlineHtml();
From 251b866e91a837c34cb0365d41227d2dbc5d6e6d Mon Sep 17 00:00:00 2001
From: "Barry vd. Heuvel"
Date: Tue, 22 Jun 2021 09:16:57 +0200
Subject: [PATCH 2/3] Tweak nonce based on upstream
---
 src/JavascriptRenderer.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/JavascriptRenderer.php b/src/JavascriptRenderer.php
index 657beeb9e..cb76c7f84 100644
--- a/src/JavascriptRenderer.php
+++ b/src/JavascriptRenderer.php
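Review bot: In the renderHead() hunk of patch 1/3, only the jQuery.noConflict line picks up `$nonce`; the two `$html` lines just above it, which appear to emit the tags for `$cssRoute` and `$jsRoute` (their markup is not visible on this page), are left as unchanged context. Under a nonce-only `script-src` policy, or one that uses `'strict-dynamic'`, a script element without the nonce is refused, so the debugbar asset script could still be blocked even though the inline snippet passes. It is worth confirming that the asset tags and the output of `getInlineHtml()` carry the same attribute, and adding a comment above the assignment such as `// CSP: every script element emitted below must carry $nonce`. renderHead() starts and ends outside the hunk.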
@@ -14,11 +14,10 @@ class JavascriptRenderer extends BaseJavascriptRenderer
 // Use XHR handler by default, instead of jQuery
 protected $ajaxHandlerBindToJquery = false;
 protected $ajaxHandlerBindToXHR = true;
- protected $cspNonce;
- public function __construct(DebugBar $debugBar, $baseUrl = null, $basePath = null, $cspNonce = null)
+ public function __construct(DebugBar $debugBar, $baseUrl = null, $basePath = null)
 {
- parent::__construct($debugBar, $baseUrl, $basePath, $cspNonce);
+ parent::__construct($debugBar, $baseUrl, $basePath);
 $this->cssFiles['laravel'] = __DIR__ . '/Resources/laravel-debugbar.css';
 $this->cssVendors['fontawesome'] = __DIR__ . '/Resources/vendor/font-awesome/style.css';
From 2e038e31ea117d6fac55b1a4fd855feb01720b69 Mon Sep 17 00:00:00 2001
From: "Barry vd. Heuvel"
Date: Tue, 22 Jun 2021 10:13:44 +0200
Subject: [PATCH 3/3] Tweak attribute
---
 src/JavascriptRenderer.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/JavascriptRenderer.php b/src/JavascriptRenderer.php
index cb76c7f84..a421ad448 100644
--- a/src/JavascriptRenderer.php
+++ b/src/JavascriptRenderer.php
@@ -63,13 +63,13 @@ public function renderHead()
 $cssRoute = preg_replace('/\Ahttps?:/', '', $cssRoute);
 $jsRoute = preg_replace('/\Ahttps?:/', '', $jsRoute);
- $nonce = $this->getNonceAttribute();
+ $nonce = isset($this->cspNonce) ? $this->getNonceAttribute() : '';
 $html = "";
 $html .= "";
 if ($this->isJqueryNoConflictEnabled()) {
- $html .= '' . "\n";
+ $html .= '' . "\n";
 }
 $html .= $this->getInlineHtml();
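Review bot: In the constructor hunk of patch 2/3, dropping the fourth parameter fails silently for any caller that still passes a nonce, because PHP discards surplus arguments to a userland function without raising an error. The debugbar would then render without a nonce and be blocked by a strict policy, with no PHP-side error pointing back at this constructor. Call sites are not visible here; they should be checked and moved to whatever setter the base class provides, and a docblock on `__construct` stating that the nonce is no longer accepted there would make the change discoverable. The class body continues outside the hunk.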
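Review bot: In the renderHead() hunk of patch 3/3, the new `isset($this->cspNonce)` guard reads a property this class no longer declares (patch 2/3 removed the declaration), so it evaluates to false without any notice if the base class does not define that property or later renames it, and the script is then emitted without a nonce. If the intent is to stay compatible with base-class versions that lack nonce support, `method_exists($this, 'getNonceAttribute')` states that directly; either way the reason deserves a comment, for example `// Older base renderers have no CSP nonce support; fall back to no attribute.` `isset()` is also true for an empty string, so whether an empty nonce produces an empty attribute depends on `getNonceAttribute()`, which is not shown. renderHead() starts and ends outside the hunk.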