From 8bebaf21371b4bd0018ed1271b86100fe4819d02 Mon Sep 17 00:00:00 2001
From: Paul Hutchinson <paulhappyhutchinson@protonmail.ch>
Date: Wed, 19 Nov 2025 11:10:18 +0000
Subject: [PATCH] [feature] SC-166737/improve app proxy security by restricting
 where token replacements can go

---
 manifest.json | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index a25e77d..03b38eb 100644
--- a/manifest.json
+++ b/manifest.json
@@ -77,12 +77,21 @@
       {
         "url": "https://(.*).api.mailchimp.com/.*",
         "methods": ["GET", "POST", "PUT", "DELETE"],
-        "timeout": 30
+        "timeout": 30,
+        "settingsInjection": {}
       },
       {
         "url": "https://login.mailchimp.com/oauth2/.*",
         "methods": ["GET", "POST"],
-        "timeout": 30
+        "timeout": 30,
+        "settingsInjection": {
+          "client_id": {
+            "body": ["client_id"]
+          },
+          "client_secret": {
+            "body": ["client_secret"]
+          }
+        }
       }
     ]
   }