[Bug Report] useTheme: cspNonce dropped on SSR head path; unhead adapter ignores it

[johnleider]

Summary

V0StyleSheetThemeAdapter accepts a cspNonce option but never applies it. On the SSR head path it pushes a <style> without the nonce, and V0UnheadThemeAdapter doesn't accept a nonce at all. Strict-CSP apps get their SSR theme styles blocked (FOUC), and the stored option gives false assurance.

Location

• packages/0/src/composables/useTheme/adapters/v0.ts:31,41 declare cspNonce; :46 stores this.cspNonce = options.cspNonce — but it is never read again.
• SSR branch (:94-98) resolves head and calls head.push({...}) without threading the nonce into the style entry.
• Client path (:122-129, adoptedStyleSheets) correctly needs no nonce.
• adapters/unhead.ts does not accept cspNonce.

Impact

Low (medium for strict-CSP SSR). With style-src 'nonce-…', the SSR <style> is blocked → FOUC until client hydration swaps to adoptedStyleSheets. Accepted-but-unused config is a wart: honor it or remove it.

Suggested fix

Thread cspNonce into the SSR head.push style entry (as a nonce attribute), and accept/forward a nonce in the unhead adapter. Add a test asserting the SSR <style> carries the nonce.