Merge pull request #13842 from Budibase/security-audit

NGINX headers for security audit

hosting/proxy/nginx.prod.conf

@@ -74,6 +74,7 @@ http {
     add_header X-Content-Type-Options nosniff always;
     add_header X-XSS-Protection "1; mode=block" always;
     add_header Content-Security-Policy "${csp_default}; ${csp_script}; ${csp_style}; ${csp_object}; ${csp_base_uri}; ${csp_connect}; ${csp_font}; ${csp_frame}; ${csp_img}; ${csp_manifest}; ${csp_media}; ${csp_worker};" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 
     # upstreams
     set $apps ${APPS_UPSTREAM_URL};

packages/pro

@@ -1 +1 @@
-Subproject commit 5189b83bea1868574ff7f4c51fe5db38a11badb8
+Subproject commit d3c3077011a8e20ed3c48dcd6301caca4120b6ac