diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
index 1129e77..ebd6af7 100644
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@@ -16,6 +16,7 @@ networks:
 services:
   nextcloud-app:
     image: nextcloud-cron:23.0.9
+    build: .
     container_name: nextcloud-app
     restart: unless-stopped
     extra_hosts :
@@ -40,7 +41,7 @@ services:
       traefik.http.services.nextcloud-web.loadbalancer.server.port: 80
       traefik.enable: true
       # https://docs.nextcloud.com/server/16/admin_manual/configuration_server/reverse_proxy_configuration.html
-      traefik.http.routers.nextcloud-web.middlewares: nextcloud-web@docker
+      traefik.http.routers.nextcloud-web.middlewares: nextcloud-web@docker, allowFrameAndCORS@file
       traefik.http.middlewares.nextcloud-web.redirectregex.permanent: true
       traefik.http.middlewares.nextcloud-web.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
       traefik.http.middlewares.nextcloud-web.redirectregex.replacement: "https://$${1}/remote.php/dav/"
@@ -48,7 +49,7 @@ services:
 
   redis:
     image: redis
-    image: 'bitnami/redis:7.0.2'
+    image: 'bitnami/redis:7.0.4'
     container_name: redis
     environment:
       - "TZ=Europe/Paris"
@@ -59,7 +60,7 @@ services:
 
 
   nextcloud-db:
-    image: postgres:11
+    image: postgres:11.17-bullseye
     container_name: nextcloud-db
     volumes:
       - nextcloud-db:/var/lib/postgresql/data
@@ -93,5 +94,6 @@ services:
       traefik.http.routers.collabora.entrypoints: websecure
       traefik.http.routers.collabora.rule: Host(`code.oasis21.org`)
       traefik.http.services.collabora.loadbalancer.server.port: 9980
+      traefik.http.routers.collabora.middlewares: allowFrameAndCORS@file
       traefik.enable: true
 
diff --git a/traefik/traefik_dynamic.toml b/traefik/traefik_dynamic.toml
index 344fb72..2fa95cd 100644
--- a/traefik/traefik_dynamic.toml
+++ b/traefik/traefik_dynamic.toml
@@ -18,7 +18,7 @@
     frameDeny = true
     stsIncludeSubdomains = true
     stsPreload = true
-    customFrameOptionsValue = "SAMEORIGIN"
+    customFrameOptionsValue = "ALLOW-FROM https://code.oasis21.org https://cloud.oasis21.org"
     referrerPolicy = "same-origin"
     permissionsPolicy = "vibrate='self'"
     stsSeconds = 315360000
@@ -27,7 +27,8 @@
     excludedContentTypes = ["text/event-stream"]
 
   [http.middlewares.allowFrameAndCORS.headers]
-    contentSecurityPolicy = "frame-ancestors *"
+    customFrameOptionsValue = "ALLOW-FROM https://code.oasis21.org"
+    contentSecurityPolicy = "frame-ancestors * cloud.oasis21.org"
     accessControlAllowHeaders = ["*"]
     accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
     accessControlAllowOriginList = ["*"]