
feat: optional nonce prop for NextSSRPlugin #1282

Open
CyanFlare wants to merge 2 commits into pingdotgg:main from CyanFlare:main

CyanFlare commented May 10, 2026

This adds an optional `nonce` prop to `NextSSRPlugin`, which is added onto the script tag.

Summary by CodeRabbit

  • New Features
    • Server-side rendering plugin accepts an optional nonce parameter to be applied to its injected script tag.
  • Chores
    • Published a patch release that includes the nonce support for the SSR plugin.

changeset-bot Bot commented May 10, 2026

🦋 Changeset detected

Latest commit: 602f2d8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

| Name | Type |
| --- | --- |
| @uploadthing/react | Patch |
| @uploadthing/expo | Patch |

vercel Bot commented May 10, 2026

@CyanFlare is attempting to deploy a commit to the Ping Labs Team on Vercel.

A member of the Team first needs to authorize it.

coderabbitai Bot commented May 10, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between b4cb573 and 602f2d8.

📒 Files selected for processing (1)
  • .changeset/lazy-lions-reply.md
✅ Files skipped from review due to trivial changes (1)
  • .changeset/lazy-lions-reply.md

Walkthrough

Adds optional CSP nonce support to NextSSRPlugin: the component accepts an optional nonce?: string prop, and the server-inserted script element sets nonce={props.nonce} when provided.

Changes

NextSSRPlugin Nonce Support

| Layer / File(s) | Summary |
| --- | --- |
| Component Props Type (packages/react/src/next-ssr-plugin.tsx) | NextSSRPlugin props interface extended with optional nonce?: string property. |
| Script Attribute Wiring (packages/react/src/next-ssr-plugin.tsx) | Script element generation updated to include nonce={props.nonce} attribute when the prop is provided. |
| Changeset update (.changeset/lazy-lions-reply.md) | Adds a patch release entry for @uploadthing/react noting the new optional nonce prop. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly describes the main change: adding an optional nonce prop to NextSSRPlugin, which matches the PR objective and file modifications. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


greptile-apps Bot commented May 10, 2026

Confidence Score: 5/5

Safe to merge — the change is a one-line prop addition with no logic changes.

The only modified file receives a new optional prop and forwards it verbatim to an existing <script> element. All surrounding serialization and rendering logic is untouched. Passing undefined to React's nonce attribute correctly omits it from the DOM, so there is no regression for callers who do not pass the prop.

No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| packages/react/src/next-ssr-plugin.tsx | Adds optional nonce?: string prop to NextSSRPlugin and threads it through to the inline <script> tag for CSP compliance. |

Reviews (1): Last reviewed commit: "feat: optional `nonce` prop for `NextSSR..."

markflorkowski added the release canary label (Trigger a canary release to npm) May 12, 2026
Add optional `nonce` prop to `NextSSRPlugin` for enhanced security.
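
The nonce flow this PR enables, as an added example that is not code from this PR or the uploadthing repository: under a nonce-based `script-src` policy, an inline script runs only when its `nonce` attribute matches the value in the response header. `makeNonce`, `cspHeader`, `renderInlineScript` and `inlineScriptAllowed` are hypothetical helpers, the script body is constructed, and the policy check is a simplified model of browser behaviour.

```javascript
// Added example: constructed for illustration, not code from the uploadthing repository.
// Web Crypto is a global in browsers and current Node; older Node exposes it via node:crypto.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// A fresh, unpredictable nonce per response (128 random bits, base64-encoded).
function makeNonce() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Buffer.from(bytes).toString("base64");
}

// Nonce-based policy: inline scripts run only if they carry this response's nonce.
function cspHeader(nonce) {
  return `script-src 'self' 'nonce-${nonce}'; object-src 'none'; base-uri 'none'`;
}

// Hypothetical stand-in for a server-inserted inline script. Like React with an
// undefined prop, it omits the nonce attribute entirely when no nonce is given.
function renderInlineScript(body, nonce) {
  const attr = nonce === undefined ? "" : ` nonce="${nonce.replace(/"/g, "&quot;")}"`;
  return `<script${attr}>${body}</script>`;
}

// Simplified model of the browser's inline-script decision. It reads script-src only
// and ignores hashes, 'strict-dynamic' and the default-src fallback.
function inlineScriptAllowed(header, scriptTag) {
  const directive = header.split(";").map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === "script-src");
  if (!directive) return true; // no script-src: nothing restricts the script here
  const sources = directive.slice(1);
  const nonces = sources.filter((s) => /^'nonce-.+'$/.test(s)).map((s) => s.slice(7, -1));
  // Once a nonce source is present, browsers ignore 'unsafe-inline'.
  if (nonces.length === 0) return sources.includes("'unsafe-inline'");
  const match = /^<script\s+nonce="([^"]*)"/.exec(scriptTag);
  return match !== null && nonces.includes(match[1]);
}

// Constructed walk-through: the same policy against three renderings of one script.
function demo() {
  const nonce = makeNonce();
  const policy = cspHeader(nonce);
  const body = 'globalThis.__DEMO_ROUTES__ = {"example":true};'; // constructed payload
  return {
    withNonce: inlineScriptAllowed(policy, renderInlineScript(body, nonce)),
    withoutNonce: inlineScriptAllowed(policy, renderInlineScript(body)),
    staleNonce: inlineScriptAllowed(policy, renderInlineScript(body, makeNonce())),
  };
}
console.log(demo());
```

The nonce has to be generated per response and passed to both the header and the script tag; a value reused across responses or cached with the page no longer protects the policy.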