From 2c7142562998b428e3036539cf4ee9320e590acd Mon Sep 17 00:00:00 2001
From: Paul Hutchinson <paulhappyhutchinson@protonmail.ch>
Date: Fri, 14 Nov 2025 12:12:42 +0000
Subject: [PATCH 1/2] [feature] SC-166737/improve app proxy security by
 restricting where token replacements can go

---
 manifest.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/manifest.json b/manifest.json
index 42be924..4b3c890 100644
--- a/manifest.json
+++ b/manifest.json
@@ -41,7 +41,15 @@
       {
         "url": "__store_url__/wp-json/wc/v3/.*",
         "methods": ["GET", "PUT", "POST"],
-        "timeout": 20
+        "timeout": 20,
+        "settingsInjection": {
+          "consumer_key": {
+            "headers": ["Authorization"]
+          },
+          "consumer_secret": {
+            "headers": ["Authorization"]
+          }
+        }
       }
     ]
   }

From 27ea6e90e21ce6aa5320941959b74cce8e105f6b Mon Sep 17 00:00:00 2001
From: Paul Hutchinson <paulhappyhutchinson@protonmail.ch>
Date: Wed, 19 Nov 2025 12:30:47 +0000
Subject: [PATCH 2/2] [feature] SC-166737/improve app proxy security by
 restricting where token replacements can go

---
 manifest.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 4b3c890..a693df0 100644
--- a/manifest.json
+++ b/manifest.json
@@ -44,10 +44,10 @@
         "timeout": 20,
         "settingsInjection": {
           "consumer_key": {
-            "headers": ["Authorization"]
+            "header": ["Authorization"]
           },
           "consumer_secret": {
-            "headers": ["Authorization"]
+            "header": ["Authorization"]
           }
         }
       }