fix: CSP style nonce is added even if honeypot is not attached

The tag like this was added in <head> tag in every page. <style nonce="ccdd15247e8da0a5b9023a5e">#hpc { display:none }</style>
codeigniter4 · Oct 10, 2023 · 4892849 · 4892849
1 parent a9cd190
commit 4892849
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/system/Honeypot/Honeypot.php b/system/Honeypot/Honeypot.php
@@ -89,16 +89,16 @@ public function attachHoneypot(ResponseInterface $response)
 
         $prepField = $this->prepareTemplate($this->config->template);
 
-        $body = $response->getBody();
-        $body = str_ireplace('</form>', $prepField . '</form>', $body);
+        $bodyBefore = $response->getBody();
+        $bodyAfter  = str_ireplace('</form>', $prepField . '</form>', $bodyBefore);
 
-        if ($response->getCSP()->enabled()) {
+        if ($response->getCSP()->enabled() && ($bodyBefore !== $bodyAfter)) {
             // Add style tag for the container tag in the head tag.
-            $style = '<style ' . csp_style_nonce() . '>#' . $this->config->containerId . ' { display:none }</style>';
-            $body  = str_ireplace('</head>', $style . '</head>', $body);
+            $style     = '<style ' . csp_style_nonce() . '>#' . $this->config->containerId . ' { display:none }</style>';
+            $bodyAfter = str_ireplace('</head>', $style . '</head>', $bodyAfter);
         }
 
-        $response->setBody($body);
+        $response->setBody($bodyAfter);
     }
 
     /**