Allow specifying attributes on the @filamentStyles and @filamentScripts directives, as well as Assets #8329
aSeriousDeveloper
started this conversation in
Ideas
Replies: 3 comments
-
Sure, a PR with an option for the
-
This is very much needed. Can't use Filament now due to all the inline stuff being blocked by a proper CSP.
-
I do agree, CSP is very needed for this project. It could make companies donate much more to this project.
-
We use a Content Security Policy that requires scripts to have an attached nonce attribute. However, the current implementation does not allow loaded JS and CSS assets to have custom set attributes, meaning that the CSP nonce can't be attached to these scripts.
Ideally, the CSS and JS asset managers should be adapted to allow the provision of custom attributes that aren't covered by the current implementation. Additionally, the @filamentStyles and @filamentScripts directives should allow for specifying these attributes as well, similar to how the @livewireScripts directive allows for it. For example:
@livewireScripts(['nonce' => csp_nonce()])
I was able to make a workaround by directly adding the nonce into the getHtml() functions for the asset managers, although this requires editing the vendor package code. I can likely look at building this as a more robust feature and opening a pull request if this isn't already being considered.
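Added example, not part of the original discussion and not Filament's code: a check that lists the script and stylesheet tags in rendered HTML that lack a nonce named by the page's CSP, which is the condition described in the post above. It assumes a nonce-only policy (no `'self'` or host sources in `script-src`/`style-src`); the header, nonce value and asset paths are constructed samples.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a nonce-only policy and a rendered page in which only
# one script carries the current nonce. Paths and nonce value are made up.
CSP = "default-src 'self'; script-src 'nonce-r4nd0m'; style-src 'nonce-r4nd0m'"
PAGE = """
<link rel="stylesheet" href="/css/app/panel.css">
<style>.sidebar { width: 20rem }</style>
<script src="/js/app/panel.js"></script>
<script src="/livewire/livewire.js" nonce="r4nd0m"></script>
<script nonce="stale">window.config = {}</script>
"""

def policy_nonces(csp):
    """Map each directive name to the set of nonces it lists."""
    out = {}
    for directive in csp.split(";"):
        parts = directive.split()
        if parts:
            out[parts[0].lower()] = set(re.findall(r"'nonce-([^']+)'", directive))
    return out

class NonceAudit(HTMLParser):
    def __init__(self, nonces):
        super().__init__()
        self.nonces = nonces
        self.missing = []  # (tag, src/href or "(inline)", directive)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        if tag == "script":
            directive = "script-src"
        elif tag == "style" or (tag == "link" and "stylesheet" in rel):
            directive = "style-src"
        else:
            return
        allowed = self.nonces.get(directive, set())
        # Only audit directives that actually use nonces (assumed nonce-only).
        if allowed and a.get("nonce") not in allowed:
            target = a.get("src") or a.get("href") or "(inline)"
            self.missing.append((tag, target, directive))

def audit(csp, html):
    parser = NonceAudit(policy_nonces(csp))
    parser.feed(html)
    return parser.missing

if __name__ == "__main__":
    for tag, target, directive in audit(CSP, PAGE):
        print(f"<{tag}> {target}: no valid nonce for {directive}")
```

A tag with a stale or mistyped nonce is reported the same way as one with no nonce at all, since the browser treats both as non-matching.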