From 0c24f6924e46ecc4eed86294ecd2541ffda7f876 Mon Sep 17 00:00:00 2001
From: Thomas Rijpstra <thomas@fourlights.nl>
Date: Tue, 18 Jul 2023 12:31:59 +0200
Subject: [PATCH] fix(nonce): make sure nonce nitro plugin is executed last

---
 src/module.ts                                 | 20 +++++++++----------
 .../{hidePoweredBy.ts => 01-hidePoweredBy.ts} |  0
 .../nitro/plugins/{cspSsg.ts => 02-cspSsg.ts} |  0
 .../plugins/{cspNonce.ts => 99-cspNonce.ts}   |  0
 4 files changed, 10 insertions(+), 10 deletions(-)
 rename src/runtime/nitro/plugins/{hidePoweredBy.ts => 01-hidePoweredBy.ts} (100%)
 rename src/runtime/nitro/plugins/{cspSsg.ts => 02-cspSsg.ts} (100%)
 rename src/runtime/nitro/plugins/{cspNonce.ts => 99-cspNonce.ts} (100%)

diff --git a/src/module.ts b/src/module.ts
index 20088d77..f7b16202 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -230,32 +230,32 @@ const registerSecurityNitroPlugins = (
       config.plugins.push(
         normalize(
           fileURLToPath(
-            new URL("./runtime/nitro/plugins/hidePoweredBy", import.meta.url)
+            new URL("./runtime/nitro/plugins/01-hidePoweredBy", import.meta.url)
           )
         )
       );
     }
 
-    // Nitro plugin to enable nonce for CSP
-    if (nuxt.options.security.nonce) {
+    // Register nitro plugin to enable CSP for SSG
+    if (
+      typeof securityOptions.headers === "object" &&
+      securityOptions.headers.contentSecurityPolicy
+    ) {
       config.plugins.push(
         normalize(
           fileURLToPath(
-            new URL("./runtime/nitro/plugins/cspNonce", import.meta.url)
+            new URL("./runtime/nitro/plugins/02-cspSsg", import.meta.url)
           )
         )
       );
     }
 
-    // Register nitro plugin to enable CSP for SSG
-    if (
-      typeof securityOptions.headers === "object" &&
-      securityOptions.headers.contentSecurityPolicy
-    ) {
+    // Nitro plugin to enable nonce for CSP
+    if (nuxt.options.security.nonce) {
       config.plugins.push(
         normalize(
           fileURLToPath(
-            new URL("./runtime/nitro/plugins/cspSsg", import.meta.url)
+            new URL("./runtime/nitro/plugins/99-cspNonce", import.meta.url)
           )
         )
       );
diff --git a/src/runtime/nitro/plugins/hidePoweredBy.ts b/src/runtime/nitro/plugins/01-hidePoweredBy.ts
similarity index 100%
rename from src/runtime/nitro/plugins/hidePoweredBy.ts
rename to src/runtime/nitro/plugins/01-hidePoweredBy.ts
diff --git a/src/runtime/nitro/plugins/cspSsg.ts b/src/runtime/nitro/plugins/02-cspSsg.ts
similarity index 100%
rename from src/runtime/nitro/plugins/cspSsg.ts
rename to src/runtime/nitro/plugins/02-cspSsg.ts
diff --git a/src/runtime/nitro/plugins/cspNonce.ts b/src/runtime/nitro/plugins/99-cspNonce.ts
similarity index 100%
rename from src/runtime/nitro/plugins/cspNonce.ts
rename to src/runtime/nitro/plugins/99-cspNonce.ts