From c6335188be3d0c4a9453e094866e97c9e5c8fe1b Mon Sep 17 00:00:00 2001
From: sugenganthos
Date: Wed, 22 Aug 2018 10:00:29 +0700
Subject: [PATCH 1/2] Update Response.php

Remove {csp-style-nonce} from end page when CSP is not enabled. If page send to user contains {csp-style-nonce} or {csp-style-nonce} then it would not pass html check and says 'no value'. Needs to check about performance because regex will runs to a whole views regardless of CSP setting.
---
 system/HTTP/Response.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/system/HTTP/Response.php b/system/HTTP/Response.php
index 2276b7fa37c2..2a260f6630be 100644
--- a/system/HTTP/Response.php
+++ b/system/HTTP/Response.php
@@ -639,6 +639,8 @@ public function send()
 if ($this->CSPEnabled === true)
 {
 $this->CSP->finalize($this);
+ }else{
+ $this->body = preg_replace('/{csp-style-nonce}|{csp-script-nonce}/','', $this->body);
 }

 $this->sendHeaders();

From dfd832d701d243c9dacfbddcc86784a923189170 Mon Sep 17 00:00:00 2001
From: sugenganthos
Date: Wed, 22 Aug 2018 11:05:05 +0700
Subject: [PATCH 2/2] Update Response.php

---
 system/HTTP/Response.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/system/HTTP/Response.php b/system/HTTP/Response.php
index 2a260f6630be..40911e38096d 100644
--- a/system/HTTP/Response.php
+++ b/system/HTTP/Response.php
@@ -640,7 +640,8 @@ public function send()
 {
 $this->CSP->finalize($this);
 }else{
- $this->body = preg_replace('/{csp-style-nonce}|{csp-script-nonce}/','', $this->body);
+
+ $this->body = str_replace(['{csp-style-nonce}','{csp-script-nonce}'], '', $this->body);
 }

 $this->sendHeaders();
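Review bot: The new else branch in send() rewrites the whole response body on every request with CSP off, whatever the body holds, so a JSON or download payload, or user-supplied text that legitimately contains the literal `{csp-script-nonce}`, is silently altered, and a non-string body (whether one can occur is not visible here) would be coerced by the replace call. This applies to the `preg_replace` form in patch 1/2 and equally to the `str_replace` form in patch 2/2. A cheap guard at least limits the cost and leaves non-string bodies untouched, `elseif (is_string($this->body) && strpos($this->body, '{csp-') !== false)`, and restricting the strip to HTML responses would cover the rest. The branch also deserves a comment such as `// CSP disabled: strip unexpanded nonce placeholders so they never reach the client`, and should follow the brace style of the surrounding `if` (the `}else{` and the extra blank `+` line in 2/2 differ from it). send() begins and ends outside both hunks.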