fix(nextjs): Extract shared ClerkScriptTags and add getNonce error handling

Extract duplicated script rendering into a shared ClerkScriptTags component
used by both ClerkScripts (client) and DynamicClerkScripts (server). Add
try/catch to getNonce() so errors in prerendering or "use cache" contexts
degrade gracefully instead of propagating unhandled.

Author: jacekradko

packages/nextjs/src/app-router/server/DynamicClerkScripts.tsx

@@ -1,6 +1,6 @@
-import { buildClerkJSScriptAttributes, clerkJSScriptUrl, clerkUIScriptUrl } from '@clerk/react/internal';
 import React from 'react';
 
+import { ClerkScriptTags } from '../../utils/clerk-script-tags';
 import { getNonce } from './utils';
 
 type DynamicClerkScriptsProps = {
@@ -27,43 +27,16 @@ export async function DynamicClerkScripts(props: DynamicClerkScriptsProps) {
 
   const nonce = await getNonce();
 
-  const opts = {
-    publishableKey,
-    clerkJSUrl,
-    clerkJSVersion,
-    clerkUIUrl,
-    nonce,
-    domain,
-    proxyUrl,
-  };
-
-  const scriptUrl = clerkJSScriptUrl(opts);
-  const attributes = buildClerkJSScriptAttributes(opts);
-
   return (
-    <>
-      <script
-        src={scriptUrl}
-        data-clerk-js-script
-        async
-        crossOrigin='anonymous'
-        {...attributes}
-      />
-      {/* Use <link rel='preload'> instead of <script> for the UI bundle.
-          This tells the browser to download the resource immediately (high priority)
-          but doesn't execute it, avoiding race conditions with __clerkSharedModules
-          registration (which happens when React code runs @clerk/ui/register).
-          When loadClerkUIScript() later adds a <script> tag, the browser uses the
-          cached resource and executes it without re-downloading. */}
-      {prefetchUI !== false && (
-        <link
-          rel='preload'
-          href={clerkUIScriptUrl(opts)}
-          as='script'
-          crossOrigin='anonymous'
-          nonce={nonce}
-        />
-      )}
-    </>
+    <ClerkScriptTags
+      publishableKey={publishableKey}
+      clerkJSUrl={clerkJSUrl}
+      clerkJSVersion={clerkJSVersion}
+      clerkUIUrl={clerkUIUrl}
+      nonce={nonce}
+      domain={domain}
+      proxyUrl={proxyUrl}
+      prefetchUI={prefetchUI}
+    />
   );
 }

packages/nextjs/src/app-router/server/utils.ts

@@ -158,13 +158,21 @@ export function getScriptNonceFromHeader(cspHeaderValue: string): string | undef
  * Uses React.cache to deduplicate calls within the same request.
  */
 export const getNonce = React.cache(async function getNonce(): Promise<string> {
-  // Dynamically import next/headers
-  // @ts-expect-error: Cannot find module 'next/headers' or its corresponding type declarations.ts(2307)
-  const { headers } = await import('next/headers');
-  const headersList = await headers();
-  const nonce = headersList.get('X-Nonce');
-  return nonce
-    ? nonce
-    : // Fallback to extracting from CSP header
-      getScriptNonceFromHeader(headersList.get('Content-Security-Policy') || '') || '';
+  try {
+    // Dynamically import next/headers
+    // @ts-expect-error: Cannot find module 'next/headers' or its corresponding type declarations.ts(2307)
+    const { headers } = await import('next/headers');
+    const headersList = await headers();
+    const nonce = headersList.get('X-Nonce');
+    return nonce
+      ? nonce
+      : // Fallback to extracting from CSP header
+        getScriptNonceFromHeader(headersList.get('Content-Security-Policy') || '') || '';
+  } catch (e) {
+    if (isPrerenderingBailout(e)) {
+      throw e;
+    }
+    // Graceful degradation — scripts load without nonce
+    return '';
+  }
 });

packages/nextjs/src/utils/clerk-script-tags.tsx

@@ -0,0 +1,59 @@
+import { buildClerkJSScriptAttributes, clerkJSScriptUrl, clerkUIScriptUrl } from '@clerk/react/internal';
+import React from 'react';
+
+type ClerkScriptTagsProps = {
+  publishableKey: string;
+  clerkJSUrl?: string;
+  clerkJSVersion?: string;
+  clerkUIUrl?: string;
+  nonce?: string;
+  domain?: string;
+  proxyUrl?: string;
+  prefetchUI?: boolean;
+};
+
+/**
+ * Pure component that renders the Clerk script tags.
+ * Shared between `ClerkScripts` (client, app router) and `DynamicClerkScripts` (server).
+ * No hooks or client-only imports — safe for both server and client components.
+ */
+export function ClerkScriptTags(props: ClerkScriptTagsProps) {
+  const { publishableKey, clerkJSUrl, clerkJSVersion, clerkUIUrl, nonce, domain, proxyUrl, prefetchUI } = props;
+
+  const opts = {
+    publishableKey,
+    clerkJSUrl,
+    clerkJSVersion,
+    clerkUIUrl,
+    nonce,
+    domain,
+    proxyUrl,
+  };
+
+  return (
+    <>
+      <script
+        src={clerkJSScriptUrl(opts)}
+        data-clerk-js-script
+        async
+        crossOrigin='anonymous'
+        {...buildClerkJSScriptAttributes(opts)}
+      />
+      {/* Use <link rel='preload'> instead of <script> for the UI bundle.
+          This tells the browser to download the resource immediately (high priority)
+          but doesn't execute it, avoiding race conditions with __clerkSharedModules
+          registration (which happens when React code runs @clerk/ui/register).
+          When loadClerkUIScript() later adds a <script> tag, the browser uses the
+          cached resource and executes it without re-downloading. */}
+      {prefetchUI !== false && (
+        <link
+          rel='preload'
+          href={clerkUIScriptUrl(opts)}
+          as='script'
+          crossOrigin='anonymous'
+          nonce={nonce}
+        />
+      )}
+    </>
+  );
+}

packages/nextjs/src/utils/clerk-script.tsx

@@ -4,47 +4,54 @@ import NextScript from 'next/script';
 import React from 'react';
 
 import { useClerkNextOptions } from '../client-boundary/NextOptionsContext';
+import { ClerkScriptTags } from './clerk-script-tags';
 
 type ClerkScriptProps = {
   scriptUrl: string;
   attributes: Record<string, string>;
   dataAttribute: string;
-  router: 'app' | 'pages';
 };
 
 function ClerkScript(props: ClerkScriptProps) {
-  const { scriptUrl, attributes, dataAttribute, router } = props;
-
-  /**
-   * Notes:
-   * `next/script` in 13.x.x when used with App Router will fail to pass any of our `data-*` attributes, resulting in errors
-   * Nextjs App Router will automatically move inline scripts inside `<head/>`
-   * Using the `nextjs/script` for App Router with the `beforeInteractive` strategy will throw an error because our custom script will be mounted outside the `html` tag.
-   */
-  const Script = router === 'app' ? 'script' : NextScript;
+  const { scriptUrl, attributes, dataAttribute } = props;
 
   return (
-    <Script
+    <NextScript
       src={scriptUrl}
       {...{ [dataAttribute]: true }}
       async
       // `nextjs/script` will add defer by default and does not get removed when async is true
-      defer={router === 'pages' ? false : undefined}
+      defer={false}
       crossOrigin='anonymous'
-      strategy={router === 'pages' ? 'beforeInteractive' : undefined}
+      strategy='beforeInteractive'
       {...attributes}
     />
   );
 }
 
-export function ClerkScripts({ router }: { router: ClerkScriptProps['router'] }) {
+export function ClerkScripts({ router }: { router: 'app' | 'pages' }) {
   const { publishableKey, clerkJSUrl, clerkJSVersion, clerkUIUrl, nonce, prefetchUI } = useClerkNextOptions();
   const { domain, proxyUrl } = useClerk();
 
   if (!publishableKey) {
     return null;
   }
 
+  if (router === 'app') {
+    return (
+      <ClerkScriptTags
+        publishableKey={publishableKey}
+        clerkJSUrl={clerkJSUrl}
+        clerkJSVersion={clerkJSVersion}
+        clerkUIUrl={clerkUIUrl}
+        nonce={nonce}
+        domain={domain}
+        proxyUrl={proxyUrl}
+        prefetchUI={prefetchUI}
+      />
+    );
+  }
+
   const opts = {
     publishableKey,
     clerkJSUrl,
@@ -61,14 +68,7 @@ export function ClerkScripts({ router }: { router: ClerkScriptProps['router'] })
         scriptUrl={clerkJSScriptUrl(opts)}
         attributes={buildClerkJSScriptAttributes(opts)}
         dataAttribute='data-clerk-js-script'
-        router={router}
       />
-      {/* Use <link rel='preload'> instead of <script> for the UI bundle.
-          This tells the browser to download the resource immediately (high priority)
-          but doesn't execute it, avoiding race conditions with __clerkSharedModules
-          registration (which happens when React code runs @clerk/ui/register).
-          When loadClerkUIScript() later adds a <script> tag, the browser uses the
-          cached resource and executes it without re-downloading. */}
       {prefetchUI !== false && (
         <link
           rel='preload'