From 3909bbcfc00cda2173ef10eff463f7e78a67ad83 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Mon, 3 Jun 2024 15:05:18 +0100
Subject: [PATCH] NGINX headers for security audit
---
 hosting/proxy/nginx.prod.conf | 1 +
 packages/account-portal | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosting/proxy/nginx.prod.conf b/hosting/proxy/nginx.prod.conf
index 79007da311..217106b1bf 100644
--- a/hosting/proxy/nginx.prod.conf
+++ b/hosting/proxy/nginx.prod.conf
@@ -74,6 +74,7 @@ http {
 add_header X-Content-Type-Options nosniff always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header Content-Security-Policy "${csp_default}; ${csp_script}; ${csp_style}; ${csp_object}; ${csp_base_uri}; ${csp_connect}; ${csp_font}; ${csp_frame}; ${csp_img}; ${csp_manifest}; ${csp_media}; ${csp_worker};" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 # upstreams
 set $apps ${APPS_UPSTREAM_URL};
diff --git a/packages/account-portal b/packages/account-portal
index c167c331ff..2a5022fb94 160000
--- a/packages/account-portal
+++ b/packages/account-portal
@@ -1 +1 @@
-Subproject commit c167c331ff9b8161fc18e2ecbaaf1ea5815ba964
+Subproject commit 2a5022fb946481c9f7a9c38d1413922729972be0
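Review bot: The added `Strict-Transport-Security` line in the nginx.prod.conf hunk sends `includeSubDomains; preload` with a one-year `max-age` unconditionally, which is hard to undo: browsers cache the policy for the full year, it applies to every subdomain of whatever host serves this config, and `preload` signals consent to be hard-coded into browser preload lists. If this file is also used on domains where not every subdomain has valid TLS, I would ship `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` first and add `preload` only when the domain is actually being submitted, with a comment such as `# HSTS: preload is effectively permanent; confirm all subdomains serve HTTPS before enabling`. Also worth checking outside this hunk: nginx inherits `add_header` from the enclosing level only when the inner `server`/`location` block defines no `add_header` of its own, so any such block would silently drop this header along with the CSP and nosniff ones. The enclosing `http {` block begins and ends outside the hunk, so neither point can be confirmed from the visible lines.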