From b852178d7a79c1e5b7567832a1cd2d5325aca05d Mon Sep 17 00:00:00 2001
From: Iman Aboheydary <iman@customgento.com>
Date: Thu, 22 Jan 2026 11:20:10 +0100
Subject: [PATCH 1/5] Fix csp errrors, DEV-1113

Signed-off-by: Iman Aboheydary <iman@customgento.com>
---
 Model/ScriptGenerator.php | 21 +++++++++++----------
 etc/csp_whitelist.xml     |  4 ++++
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/Model/ScriptGenerator.php b/Model/ScriptGenerator.php
index f4904a8..9e83d5b 100644
--- a/Model/ScriptGenerator.php
+++ b/Model/ScriptGenerator.php
@@ -4,6 +4,8 @@
 
 namespace CustomGento\Cookiebot\Model;
 
+use Magento\Csp\Helper\CspNonceProvider;
+
 class ScriptGenerator
 {
     private const COOKIEBOT_SCRIPT_FORMAT = '<script
@@ -12,6 +14,7 @@ class ScriptGenerator
             src="https://consent.cookiebot.com/uc.js"
             data-cbid="%s"
             %s
+            %s
             type="text/javascript" async></script>';
     private const EU_COOKIEBOT_SCRIPT_FORMAT = '<script
             id="Cookiebot"
@@ -19,16 +22,13 @@ class ScriptGenerator
             src="https://consent.cookiebot.eu/uc.js"
             data-cbid="%s"
             %s
+            %s
             type="text/javascript" async></script>';
 
-    /**
-     * @var Config
-     */
-    private $config;
-
-    public function __construct(Config $config)
-    {
-        $this->config = $config;
+    public function __construct(
+        private readonly Config $config,
+        private readonly CspNonceProvider $cspNonceProvider
+    ) {
     }
 
     public function generate(): string
@@ -36,11 +36,12 @@ public function generate(): string
         $cookiebotId = $this->config->getId();
         $dataCulture = $this->config->getDataCulture() ?
             sprintf('data-culture="%s"', $this->config->getDataCulture()) : '';
+        $nonce       = sprintf('nonce="%s"', $this->cspNonceProvider->generateNonce());
 
         if ($this->config->useEuCdn()) {
-            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
+            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
         }
 
-        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
+        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
     }
 }
diff --git a/etc/csp_whitelist.xml b/etc/csp_whitelist.xml
index 7120c8e..878883b 100644
--- a/etc/csp_whitelist.xml
+++ b/etc/csp_whitelist.xml
@@ -5,7 +5,11 @@
         <policy id="script-src">
             <values>
                 <value id="cookiebot" type="host">consent.cookiebot.com</value>
+                <value id="cookiebot_cdn" type="host">consentcdn.cookiebot.com</value>
                 <value id="cookiebot_eu" type="host">consent.cookiebot.eu</value>
+                <value id="cookiebot_cdn_eu" type="host">consentcdn.cookiebot.eu</value>
+                <!-- Hash for Cookiebot inline script (nonce not fully supported by uc.js) -->
+                <value id="cookiebot_inline" type="hash" algorithm="sha256">izGUmFn9PZE6G7QuIdXAy77nhcrcwBISVZL+PdWAZFA=</value>
             </values>
         </policy>
         <policy id="frame-src">

From e7951e1c0e256fa580b5569e9681f08b152b8893 Mon Sep 17 00:00:00 2001
From: Iman Aboheydary <iman@customgento.com>
Date: Fri, 23 Jan 2026 11:28:17 +0100
Subject: [PATCH 2/5] Fix csp errrors, DEV-1113

Signed-off-by: Iman Aboheydary <iman@customgento.com>
---
 Model/ScriptGenerator.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Model/ScriptGenerator.php b/Model/ScriptGenerator.php
index 9e83d5b..6664db9 100644
--- a/Model/ScriptGenerator.php
+++ b/Model/ScriptGenerator.php
@@ -14,7 +14,6 @@ class ScriptGenerator
             src="https://consent.cookiebot.com/uc.js"
             data-cbid="%s"
             %s
-            %s
             type="text/javascript" async></script>';
     private const EU_COOKIEBOT_SCRIPT_FORMAT = '<script
             id="Cookiebot"
@@ -22,7 +21,6 @@ class ScriptGenerator
             src="https://consent.cookiebot.eu/uc.js"
             data-cbid="%s"
             %s
-            %s
             type="text/javascript" async></script>';
 
     public function __construct(
@@ -36,12 +34,11 @@ public function generate(): string
         $cookiebotId = $this->config->getId();
         $dataCulture = $this->config->getDataCulture() ?
             sprintf('data-culture="%s"', $this->config->getDataCulture()) : '';
-        $nonce       = sprintf('nonce="%s"', $this->cspNonceProvider->generateNonce());
 
         if ($this->config->useEuCdn()) {
-            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
+            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
         }
 
-        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
+        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
     }
 }

From 0d3a8a9684f2981fc2a0d25990fed48f194c9b9c Mon Sep 17 00:00:00 2001
From: Iman Aboheydary <iman@customgento.com>
Date: Fri, 23 Jan 2026 11:28:43 +0100
Subject: [PATCH 3/5] Fix csp errrors, DEV-1113

Signed-off-by: Iman Aboheydary <iman@customgento.com>
---
 Model/ScriptGenerator.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Model/ScriptGenerator.php b/Model/ScriptGenerator.php
index 6664db9..9e83d5b 100644
--- a/Model/ScriptGenerator.php
+++ b/Model/ScriptGenerator.php
@@ -14,6 +14,7 @@ class ScriptGenerator
             src="https://consent.cookiebot.com/uc.js"
             data-cbid="%s"
             %s
+            %s
             type="text/javascript" async></script>';
     private const EU_COOKIEBOT_SCRIPT_FORMAT = '<script
             id="Cookiebot"
@@ -21,6 +22,7 @@ class ScriptGenerator
             src="https://consent.cookiebot.eu/uc.js"
             data-cbid="%s"
             %s
+            %s
             type="text/javascript" async></script>';
 
     public function __construct(
@@ -34,11 +36,12 @@ public function generate(): string
         $cookiebotId = $this->config->getId();
         $dataCulture = $this->config->getDataCulture() ?
             sprintf('data-culture="%s"', $this->config->getDataCulture()) : '';
+        $nonce       = sprintf('nonce="%s"', $this->cspNonceProvider->generateNonce());
 
         if ($this->config->useEuCdn()) {
-            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
+            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
         }
 
-        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
+        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
     }
 }

From b7851614511faf297a542733f2f8d6cab3781cc3 Mon Sep 17 00:00:00 2001
From: Iman Aboheydary <iman@customgento.com>
Date: Fri, 23 Jan 2026 16:37:04 +0100
Subject: [PATCH 4/5] Remove extra changes, DEV-1113

Signed-off-by: Iman Aboheydary <iman@customgento.com>
---
 Model/ScriptGenerator.php | 12 +++---------
 etc/csp_whitelist.xml     |  2 --
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/Model/ScriptGenerator.php b/Model/ScriptGenerator.php
index 9e83d5b..c14a86d 100644
--- a/Model/ScriptGenerator.php
+++ b/Model/ScriptGenerator.php
@@ -4,8 +4,6 @@
 
 namespace CustomGento\Cookiebot\Model;
 
-use Magento\Csp\Helper\CspNonceProvider;
-
 class ScriptGenerator
 {
     private const COOKIEBOT_SCRIPT_FORMAT = '<script
@@ -14,7 +12,6 @@ class ScriptGenerator
             src="https://consent.cookiebot.com/uc.js"
             data-cbid="%s"
             %s
-            %s
             type="text/javascript" async></script>';
     private const EU_COOKIEBOT_SCRIPT_FORMAT = '<script
             id="Cookiebot"
@@ -22,12 +19,10 @@ class ScriptGenerator
             src="https://consent.cookiebot.eu/uc.js"
             data-cbid="%s"
             %s
-            %s
             type="text/javascript" async></script>';
 
     public function __construct(
-        private readonly Config $config,
-        private readonly CspNonceProvider $cspNonceProvider
+        private readonly Config $config
     ) {
     }
 
@@ -36,12 +31,11 @@ public function generate(): string
         $cookiebotId = $this->config->getId();
         $dataCulture = $this->config->getDataCulture() ?
             sprintf('data-culture="%s"', $this->config->getDataCulture()) : '';
-        $nonce       = sprintf('nonce="%s"', $this->cspNonceProvider->generateNonce());
 
         if ($this->config->useEuCdn()) {
-            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
+            return sprintf(self::EU_COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
         }
 
-        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture, $nonce);
+        return sprintf(self::COOKIEBOT_SCRIPT_FORMAT, $cookiebotId, $dataCulture);
     }
 }
diff --git a/etc/csp_whitelist.xml b/etc/csp_whitelist.xml
index 878883b..1b719fe 100644
--- a/etc/csp_whitelist.xml
+++ b/etc/csp_whitelist.xml
@@ -8,8 +8,6 @@
                 <value id="cookiebot_cdn" type="host">consentcdn.cookiebot.com</value>
                 <value id="cookiebot_eu" type="host">consent.cookiebot.eu</value>
                 <value id="cookiebot_cdn_eu" type="host">consentcdn.cookiebot.eu</value>
-                <!-- Hash for Cookiebot inline script (nonce not fully supported by uc.js) -->
-                <value id="cookiebot_inline" type="hash" algorithm="sha256">izGUmFn9PZE6G7QuIdXAy77nhcrcwBISVZL+PdWAZFA=</value>
             </values>
         </policy>
         <policy id="frame-src">

From 1482b03d85112f6924b19deaabc6d6a17de60a01 Mon Sep 17 00:00:00 2001
From: Iman Aboheydary <iman@customgento.com>
Date: Fri, 23 Jan 2026 16:40:14 +0100
Subject: [PATCH 5/5] Remove extra changes, DEV-1113

Signed-off-by: Iman Aboheydary <iman@customgento.com>
---
 Model/ScriptGenerator.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/Model/ScriptGenerator.php b/Model/ScriptGenerator.php
index c14a86d..f4904a8 100644
--- a/Model/ScriptGenerator.php
+++ b/Model/ScriptGenerator.php
@@ -21,9 +21,14 @@ class ScriptGenerator
             %s
             type="text/javascript" async></script>';
 
-    public function __construct(
-        private readonly Config $config
-    ) {
+    /**
+     * @var Config
+     */
+    private $config;
+
+    public function __construct(Config $config)
+    {
+        $this->config = $config;
     }
 
     public function generate(): string