Simplifying code according to review.

Author: patel-vansh

system/HTTP/ContentSecurityPolicy.php

@@ -427,17 +427,7 @@ public function getScriptNonce(): string
      */
     public function finalize(ResponseInterface $response)
     {
-        if ($this->autoNonce) {
-            $this->generateNonces($response);
-        } elseif (! $this->enabled()) {
-            // If autoNonce is disabled and CSP is not enabled, we should still remove any nonce tags from the body to prevent confusion.
-            $body = (string) $response->getBody();
-
-            if ($body !== '') {
-                $body = str_replace([$this->styleNonceTag, $this->scriptNonceTag], '', $body);
-                $response->setBody($body);
-            }
-        }
+        $this->generateNonces($response);
 
         $this->buildHeaders($response);
     }
@@ -900,6 +890,10 @@ protected function addOption($options, string $target, ?bool $explicitReporting
      */
     protected function generateNonces(ResponseInterface $response)
     {
+        if ($this->enabled() && ! $this->autoNonce) {
+            return;
+        }
+
         $body = (string) $response->getBody();
 
         if ($body === '') {