fix(nonce): make sure nonce nitro plugin is executed last

src/module.ts

@@ -230,32 +230,32 @@ const registerSecurityNitroPlugins = (
       config.plugins.push(
         normalize(
           fileURLToPath(
-            new URL("./runtime/nitro/plugins/hidePoweredBy", import.meta.url)
+            new URL("./runtime/nitro/plugins/01-hidePoweredBy", import.meta.url)
           )
         )
       );
     }
 
-    // Nitro plugin to enable nonce for CSP
-    if (nuxt.options.security.nonce) {
+    // Register nitro plugin to enable CSP for SSG
+    if (
+      typeof securityOptions.headers === "object" &&
+      securityOptions.headers.contentSecurityPolicy
+    ) {
       config.plugins.push(
         normalize(
           fileURLToPath(
-            new URL("./runtime/nitro/plugins/cspNonce", import.meta.url)
+            new URL("./runtime/nitro/plugins/02-cspSsg", import.meta.url)
           )
         )
       );
     }
 
-    // Register nitro plugin to enable CSP for SSG
-    if (
-      typeof securityOptions.headers === "object" &&
-      securityOptions.headers.contentSecurityPolicy
-    ) {
+    // Nitro plugin to enable nonce for CSP
+    if (nuxt.options.security.nonce) {
       config.plugins.push(
         normalize(
           fileURLToPath(
-            new URL("./runtime/nitro/plugins/cspSsg", import.meta.url)
+            new URL("./runtime/nitro/plugins/99-cspNonce", import.meta.url)
           )
         )
       );