From f77304ba0a0d6aa2a22995fb36462e85629bdf5b Mon Sep 17 00:00:00 2001
From: Paul Hutchinson <paulhappyhutchinson@protonmail.ch>
Date: Fri, 14 Nov 2025 12:01:43 +0000
Subject: [PATCH] [feature] SC-166737/improve app proxy security by restricting
 where token replacements can go

---
 manifest.json | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 7bc9f19..b05ac99 100644
--- a/manifest.json
+++ b/manifest.json
@@ -122,12 +122,25 @@
       {
         "url": "__instance_url__/.*",
         "methods": ["GET", "POST", "PUT"],
-        "timeout": 20
+        "timeout": 20,
+        "settingsInjection": {
+          "access_token": {
+            "header": ["Authorization"]
+          }
+        }
       },
       {
         "url": "https://login.wrike.com/oauth2/.*",
         "methods": ["GET", "POST"],
-        "timeout": 20
+        "timeout": 20,
+        "settingsInjection": {
+          "client_id": {
+            "body": ["client_id"]
+          },
+          "client_secret": {
+            "body": ["client_secret"]
+          }
+        }
       }
     ]
   }