There is no way to use nonce content security policy, since Coderello\SharedData\SharedData::render() method returns <script> with no way to inject additional data.
public function render(): string
{
return '<script>'
.'window["'.$this->getJsNamespace().'"]='.$this->toJson().';'
.'window["sharedDataNamespace"]="'.$this->getJsNamespace().'";'
.($this->getJsHelperEnabled() ? $this->getJsHelper().';' : '')
.'</script>';
}
I think either class constructor or render method could accept nonce value.
There is no way to use nonce content security policy, since
Coderello\SharedData\SharedData::render()
method returns<script>
with no way to inject additional data.I think either class constructor or render method could accept nonce value.