Remove automatic nonce-adding to rendered scripts

Author: danieltott

packages/react-dom-bindings/src/server/ReactFizzConfigDOM.js

@@ -3042,14 +3042,6 @@ export function pushStartInstance(
         formatContext.noscriptTagInScope,
       );
     case 'script':
-      if (responseState.nonce) {
-        // add nonce to props, but allow override
-        props = {
-          nonce: responseState.nonce,
-          ...props,
-        };
-      }
-
       return enableFloat
         ? pushScript(
             target,

packages/react-dom/src/__tests__/ReactDOMFizzServer-test.js

@@ -620,15 +620,15 @@ describe('ReactDOMFizzServer', () => {
     }
   });
 
-  it('should render scripts with nonce added', async () => {
+  it('should not automatically add nonce to rendered scripts', async () => {
     CSPnonce = 'R4nd0m';
     try {
       await act(async () => {
         const {pipe} = renderToPipeableStream(
           <html>
             <body>
-              <script>{'try { foo() } catch (e) {} ;'}</script>
-              <script src="foo" async={true} />
+              <script nonce={CSPnonce}>{'try { foo() } catch (e) {} ;'}</script>
+              <script nonce={CSPnonce} src="foo" async={true} />
               <script src="bar" />
               <script src="baz" integrity="qux" async={true} />
               <script type="module" src="quux" async={true} />
@@ -654,14 +654,13 @@ describe('ReactDOMFizzServer', () => {
           renderOptions.unstable_externalRuntimeSrc,
         ).map(n => n.outerHTML),
       ).toEqual([
-        // async scripts get inserted first in render
         `<script nonce="${CSPnonce}" src="foo" async=""></script>`,
-        `<script nonce="${CSPnonce}" src="baz" integrity="qux" async=""></script>`,
-        `<script nonce="${CSPnonce}" type="module" src="quux" async=""></script>`,
-        `<script nonce="${CSPnonce}" type="module" src="corge" async=""></script>`,
-        `<script nonce="${CSPnonce}" type="module" src="grault" integrity="garply" async=""></script>`,
+        `<script src="baz" integrity="qux" async=""></script>`,
+        `<script type="module" src="quux" async=""></script>`,
+        `<script type="module" src="corge" async=""></script>`,
+        `<script type="module" src="grault" integrity="garply" async=""></script>`,
         `<script nonce="${CSPnonce}">try { foo() } catch (e) {} ;</script>`,
-        `<script nonce="${CSPnonce}" src="bar"></script>`,
+        `<script src="bar"></script>`,
       ]);
     } finally {
       CSPnonce = null;