giving the nonce to the different generated script tags
Debatty-Tom committed Nov 14, 2025
commit 9bbe024db706ed025c095a2458a5ce89cfde64d3
4 changes: 2 additions & 2 deletions src/AnalyticCookiesCategory.php
Expand Up @@ -33,9 +33,9 @@ public function google(string $id, bool $anonymizeIp = true): static
->description(__('cookieConsent::cookies.defaults._gat'))
)
->accepted(fn(Consent $consent) => $consent
->script('<script async src="https://www.googletagmanager.com/gtag/js?id=' . $id . '"></script>')
->script('<script nonce="" async src="https://www.googletagmanager.com/gtag/js?id=' . $id . '"></script>')
->script(
'<script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}gtag(\'js\',new Date());gtag(\'config\',\'' . $id . '\', {\'anonymize_ip\':' . $anonymizeIp . '});</script>'
'<script nonce="">window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}gtag(\'js\',new Date());gtag(\'config\',\'' . $id . '\', {\'anonymize_ip\':' . $anonymizeIp . '});</script>'
)
);
});
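Review bot: The inline tag that now carries `nonce=""` still builds its JavaScript by raw string concatenation, so once a CSP nonce authorises that block, everything interpolated into it runs as trusted script. `$anonymizeIp` also goes through PHP's string conversion, so `false` becomes an empty string and the output is `{'anonymize_ip':}`, a syntax error rather than a disabled flag. Encoding both values fixes this: `gtag(\'config\',' . json_encode($id, JSON_HEX_TAG) . ', {\'anonymize_ip\':' . json_encode($anonymizeIp) . '});`. The `$id` placed in the `src` URL of the first tag would likewise be safer passed through `rawurlencode($id)`. The closure and the `google()` method both start outside the hunk.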
16 changes: 10 additions & 6 deletions src/ConsentResponse.php
Expand Up @@ -26,7 +26,7 @@ class ConsentResponse
/**
* Transform the collected data into a JSON response-object.
*/
public function handleConsent(Cookie|CookiesGroup $instance): static
public function handleConsent(Cookie|CookiesGroup $instance, string|null $nonce): static
{
if(! $instance->hasConsentCallback()) {
return $this;
Expand All @@ -35,7 +35,7 @@ public function handleConsent(Cookie|CookiesGroup $instance): static
$consent = $instance->getConsentResult();

$this->attachCookies($consent->getCookies());
$this->attachScripts($consent->getScripts());
$this->attachScripts($consent->getScripts(), $nonce);

return $this;
}
Expand Down Expand Up @@ -65,20 +65,24 @@ public function attachCookie(CookieComponent $cookie): static
/**
* Add multiple script tags to the consent response.
*/
public function attachScripts(array $tags): static
public function attachScripts(array $tags, string|null $nonce): static
{
foreach ($tags as $tag) {
$this->attachScript($tag);
$this->attachScript($tag, $nonce);
}

return $this;
}

/**
* Add a single script tag to the consent response.
*/
public function attachScript(string $tag): static
public function attachScript(string $tag, ?string $nonce = null): static
{
if ($nonce && str_contains($tag, 'nonce=""')) {
$tag = str_replace('nonce=""', 'nonce="' . $nonce . '"', $tag);
}

$this->scripts[] = $tag;

return $this;
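Review bot: In `attachScript` the nonce is spliced into the attribute without escaping, and `str_replace` rewrites every `nonce=""` in the string, including any occurrence inside the script body. A tag registered without that exact placeholder gets no nonce and no warning, so under a nonce-based CSP it would presumably be blocked; the docblock should state that `nonce=""` is the required placeholder. I would write the substitution as `$tag = str_replace('nonce=""', 'nonce="' . htmlspecialchars($nonce, ENT_QUOTES) . '"', $tag);`. Separately, `handleConsent` and `attachScripts` now take `$nonce` with no default while `attachScript` defaults to null; `?string $nonce = null` on all three would keep existing callers working. The body of `attachScript` ends outside the hunk.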
31 changes: 20 additions & 11 deletions src/CookiesManager.php
Expand Up @@ -8,6 +8,7 @@

class CookiesManager
{
protected string|null $nonce = null;
/**
* The cookies registrar.
*/
Expand Down Expand Up @@ -141,13 +142,22 @@ public function accept(string|array $categories = '*'): ConsentResponse
*/
protected function getConsentResponse(): ConsentResponse
{
return array_reduce($this->registrar->getCategories(), function($response, $category) {
return array_reduce($category->getDefined(), function(ConsentResponse $response, Cookie|CookiesGroup $instance) {
return $this->hasConsentFor($instance->name)
? $response->handleConsent($instance)
: $response;
}, $response);
}, new ConsentResponse());
$nonce = $this->nonce;
return array_reduce(
$this->registrar->getCategories(),
function($response, $category) use ($nonce) {
return array_reduce(
$category->getDefined(),
function(ConsentResponse $response, Cookie|CookiesGroup $instance) use ($nonce) {
return $this->hasConsentFor($instance->name)
? $response->handleConsent($instance, $nonce)
: $response;
},
$response
);
},
new ConsentResponse()
);
}

/**
Expand All @@ -169,6 +179,7 @@ protected function makeConsentCookie(): CookieComponent
*/
public function renderScripts(string|null $nonce, bool $withDefault = true): string
{
$this->nonce = $nonce;
$output = $this->shouldDisplayNotice()
? $this->getNoticeScripts($nonce, $withDefault)
: $this->getConsentedScripts($nonce, $withDefault);
Expand Down Expand Up @@ -283,16 +294,14 @@ public function replaceInfoTag(string $wysiwyg): string
$cookieConsentInfo = view('cookie-consent::info', [
'cookies' => $this->registrar,
])->render();
$formattedString = preg_replace(

return preg_replace(
[
'/\<(\w)[^\>]+\>\@cookieconsentinfo\<\/\1\>/',
'/\@cookieconsentinfo/',
],
$cookieConsentInfo,
$wysiwyg,
);

return $formattedString;
}
}
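Review bot: `getConsentResponse()` only sees a nonce if `renderScripts()` has already run on the same instance, because the value travels through the new `$this->nonce` property assigned at the top of `renderScripts`. Any other path into `getConsentResponse()` (the hunk header places it right after `accept()`) would read null and leave the tags with an empty `nonce=""`. On a long-lived manager instance, a nonce from an earlier render could also be reused for a later response; both effects are inferred, since the callers are outside the hunks. A CSP nonce is meant to be unique per response, so I would pass it explicitly instead of storing it: `protected function getConsentResponse(?string $nonce = null): ConsentResponse`. If the property stays, it needs a docblock and a blank line before the registrar docblock, like the other members.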