Created a method to clear nonce placeholders.

patel-vansh · patel-vansh · commit 19380aa37305 · 2026-02-08T18:09:58.000+05:30
diff --git a/system/HTTP/ContentSecurityPolicy.php b/system/HTTP/ContentSecurityPolicy.php
@@ -1052,4 +1052,9 @@ public function clearDirective(string $directive): void
 
         $this->{$this->directives[$directive]} = [];
     }
+
+    public function clearNoncePlaceholders(string $text): string
+    {
+        return str_replace([$this->styleNonceTag, $this->scriptNonceTag], '', $text);
+    }
 }
diff --git a/system/HTTP/ResponseTrait.php b/system/HTTP/ResponseTrait.php
@@ -370,7 +370,7 @@ public function send()
         if ($this->CSP->enabled()) {
             $this->CSP->finalize($this);
         } else {
-            $this->body = str_replace(['{csp-style-nonce}', '{csp-script-nonce}'], '', $this->body ?? '');
+            $this->body = $this->CSP->clearNoncePlaceholders($this->body);
         }
 
         $this->sendHeaders();

Original file line number	Diff line number	Diff line change
`@@ -1052,4 +1052,9 @@ public function clearDirective(string $directive): void`
`1052`	`1052`
`1053`	`1053`	`$this->{$this->directives[$directive]} = [];`
`1054`	`1054`	`}`
	`1055`	`+`
	`1056`	`+ public function clearNoncePlaceholders(string $text): string`
	`1057`	`+ {`
	`1058`	`+ return str_replace([$this->styleNonceTag, $this->scriptNonceTag], '', $text);`
	`1059`	`+ }`
`1055`	`1060`	`}`
Original file line number	Diff line number	Diff line change
`@@ -370,7 +370,7 @@ public function send()`
`370`	`370`	`if ($this->CSP->enabled()) {`
`371`	`371`	`$this->CSP->finalize($this);`
`372`	`372`	`} else {`
`373`		`- $this->body = str_replace(['{csp-style-nonce}', '{csp-script-nonce}'], '', $this->body ?? '');`
	`373`	`+ $this->body = $this->CSP->clearNoncePlaceholders($this->body);`
`374`	`374`	`}`
`375`	`375`
`376`	`376`	`$this->sendHeaders();`