From 77420fa41a9aa1a8bb17290df8a088b333309f43 Mon Sep 17 00:00:00 2001
From: Johan van der Heide <johan.vanderheide@jield.nl>
Date: Tue, 20 May 2025 15:16:21 +0200
Subject: [PATCH 1/2] Better NGINX headers

---
 .docker/nginx/nginx.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.docker/nginx/nginx.conf b/.docker/nginx/nginx.conf
index 50a26d4..c77a05b 100644
--- a/.docker/nginx/nginx.conf
+++ b/.docker/nginx/nginx.conf
@@ -13,7 +13,9 @@ server {
         fastcgi_index index.php;
         include fastcgi_params;
         fastcgi_read_timeout 300;
-        add_header X-Frame-Options "SAMEORIGIN";
+        add_header Content-Security-Policy "frame-ancestors 'none'";
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+        add_header X-Frame-Options "DENY";
         add_header X-server-header "Powered by Jield - info@jield.nl";
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $fastcgi_path_info;

From 3b30f7560bff42c937855683f2a3377f1ac9368a Mon Sep 17 00:00:00 2001
From: Johan van der Heide <johan.vanderheide@jield.nl>
Date: Tue, 10 Jun 2025 13:53:10 +0200
Subject: [PATCH 2/2] Version bumps

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 084b688..8fa316a 100644
--- a/README.md
+++ b/README.md
@@ -24,8 +24,8 @@ PHP versions:
 
 - 8.1.32 (only Azure container)
 - 8.2.28
-- 8.3.21
-- 8.4.7
+- 8.3.22
+- 8.4.8
 
 Azure containers contain an SSH server and default Azure credentials.
 Johan van der Heide, Jield BV (johan.vanderheide@jield.nl)