From e4c0ba613ef86c7683618d7cc060d787fc01c30f Mon Sep 17 00:00:00 2001
From: Paul Hutchinson <paulhappyhutchinson@protonmail.ch>
Date: Tue, 18 Nov 2025 13:43:45 +0000
Subject: [PATCH 1/2] [feature] SC-166737/improve app proxy security by
 restricting where token replacements can go

---
 manifest.json | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index b37e1a7..45e0d13 100644
--- a/manifest.json
+++ b/manifest.json
@@ -57,12 +57,21 @@
       {
         "url": "https://app.productboard.com/.*",
         "methods": ["GET", "POST"],
-        "timeout": 20
+        "timeout": 20,
+        "settingsInjection": {
+          "client_id": {
+            "querystring": ["client_id"]
+          },
+          "client_secret": {
+            "querystring": ["client_id"]
+          }
+        }
       },
       {
         "url": "https://api.productboard.com/.*",
         "methods": ["GET", "POST"],
-        "timeout": 20
+        "timeout": 20,
+        "settingsInjection": {}
       }
     ]
   }

From e5d44dd918b3b439eeedcaf981bd8390298c96e6 Mon Sep 17 00:00:00 2001
From: Paul Hutchinson <paulhappyhutchinson@protonmail.ch>
Date: Tue, 18 Nov 2025 13:44:09 +0000
Subject: [PATCH 2/2] [feature] SC-166737/improve app proxy security by
 restricting where token replacements can go

---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifest.json b/manifest.json
index 45e0d13..d48b0a6 100644
--- a/manifest.json
+++ b/manifest.json
@@ -63,7 +63,7 @@
             "querystring": ["client_id"]
           },
           "client_secret": {
-            "querystring": ["client_id"]
+            "querystring": ["client_secret"]
           }
         }
       },