From 3909bbcfc00cda2173ef10eff463f7e78a67ad83 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Mon, 3 Jun 2024 15:05:18 +0100
Subject: [PATCH 1/2] NGINX headers for security audit
---
 hosting/proxy/nginx.prod.conf | 1 +
 packages/account-portal | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosting/proxy/nginx.prod.conf b/hosting/proxy/nginx.prod.conf
index 79007da311..217106b1bf 100644
--- a/hosting/proxy/nginx.prod.conf
+++ b/hosting/proxy/nginx.prod.conf
@@ -74,6 +74,7 @@ http {
 add_header X-Content-Type-Options nosniff always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header Content-Security-Policy "${csp_default}; ${csp_script}; ${csp_style}; ${csp_object}; ${csp_base_uri}; ${csp_connect}; ${csp_font}; ${csp_frame}; ${csp_img}; ${csp_manifest}; ${csp_media}; ${csp_worker};" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 # upstreams
 set $apps ${APPS_UPSTREAM_URL};
diff --git a/packages/account-portal b/packages/account-portal
index c167c331ff..2a5022fb94 160000
--- a/packages/account-portal
+++ b/packages/account-portal
@@ -1 +1 @@
-Subproject commit c167c331ff9b8161fc18e2ecbaaf1ea5815ba964
+Subproject commit 2a5022fb946481c9f7a9c38d1413922729972be0
From 63e7421dd56cbfe18ba304628af4394e899328e8 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Tue, 4 Jun 2024 12:41:07 +0100
Subject: [PATCH 2/2] acct portal
---
 packages/account-portal | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/account-portal b/packages/account-portal
index 2a5022fb94..e8136bd1ea 160000
--- a/packages/account-portal
+++ b/packages/account-portal
@@ -1 +1 @@
-Subproject commit 2a5022fb946481c9f7a9c38d1413922729972be0
+Subproject commit e8136bd1ea9fa4c61a4bcbeda482abea0b6c3d9f
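Review bot: The added `Strict-Transport-Security` line in `hosting/proxy/nginx.prod.conf` commits every deployment of this template to `includeSubDomains; preload` for a full year, which is hard to undo: browsers pin the policy for the whole max-age, and the `preload` token is the consent signal for browser preload lists, where removal is slow. Unless the audit specifically asked for preloading, I would ship `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` and put a comment above it stating that every subdomain of the serving host must be HTTPS-only before it is enabled. Also check, outside this hunk, whether any `location` block defines its own `add_header`: nginx inherits these directives from the enclosing level only when the inner level has none, so such locations would answer without HSTS and without the other headers listed here. The enclosing block starts and ends outside the hunk, so I cannot tell whether this listener terminates TLS; browsers ignore the header on plain-HTTP responses.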