From 6593803c72a4e3b3ad56e0e773e42fe1b700e19c Mon Sep 17 00:00:00 2001
From: Paul Hutchinson
Date: Fri, 14 Nov 2025 11:39:28 +0000
Subject: [PATCH 1/2] [feature] SC-166737/improve app proxy security by restricting where token replacements can go

---
 manifest.json | 14 +++++++++++++-
 src/constants.ts | 5 -----
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/manifest.json b/manifest.json
index ace0c7c..7a83053 100644
--- a/manifest.json
+++ b/manifest.json
@@ -40,7 +40,19 @@
 "methods": ["GET", "POST", "DELETE"],
 "timeout": 20
 },
- { "url": "https://zoom.us/oauth/.*", "methods": ["POST"], "timeout": 20 }
+ {
+ "url": "https://zoom.us/oauth/.*",
+ "methods": ["POST"],
+ "timeout": 20,
+ "settingsInjection": {
+ "client_id": {
+ "headers": ["Authorization"]
+ },
+ "client_secret": {
+ "headers": ["Authorization"]
+ }
+ }
+ }
 ]
 }
 }
diff --git a/src/constants.ts b/src/constants.ts
index 37b9e45..311947f 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -14,11 +14,6 @@ export const ACCESS_TOKEN = `[user[${ACCESS_TOKEN_PATH}]]`;
 export const REFRESH_TOKEN_PATH = "oauth/global/refresh_token";
 export const REFRESH_TOKEN = `[user[${REFRESH_TOKEN_PATH}]]`;
-export const placeholders = {
- client_id: "__client_id__",
- client_secret: "__client_secret__",
-};
-
 /** Zoom */
 export const REST_URL = "https://api.zoom.us/v2";

From 87047300496333e429d64eb99c69d29ad61ca6dc Mon Sep 17 00:00:00 2001
From: Paul Hutchinson
Date: Wed, 19 Nov 2025 12:32:38 +0000
Subject: [PATCH 2/2] [feature] SC-166737/improve app proxy security by restricting where token replacements can go

---
 manifest.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 7a83053..2d705f2 100644
--- a/manifest.json
+++ b/manifest.json
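Review bot: In the first manifest.json hunk (PATCH 1/2), the entry that now carries `settingsInjection` for `client_id` and `client_secret` still matches `https://zoom.us/oauth/.*`, so the secret may be placed in the Authorization header of a POST to any path under `/oauth/`. If the proxy treats `url` as a regular expression (the `.*` suggests it does, but the matcher is not visible here), the unescaped `.` in `zoom.us` also matches any character. Since this is the one entry where the secret is released, the pattern should be as narrow as the app allows, for example `"url": "https://zoom\\.us/oauth/token"` if the token endpoint is the only OAuth path the app calls. It is also worth confirming that the preceding entry, whose start lies outside the hunk and whose visible tail shows no `settingsInjection`, receives no substitution at all rather than unrestricted substitution.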
@@ -46,10 +46,10 @@
 "timeout": 20,
 "settingsInjection": {
 "client_id": {
- "headers": ["Authorization"]
+ "header": ["Authorization"]
 },
 "client_secret": {
- "headers": ["Authorization"]
+ "header": ["Authorization"]
 }
 }
 }
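Review bot: The restriction key changes from `headers` to `header` under both `client_id` and `client_secret`, which implies PATCH 1/2 shipped a `settingsInjection` block with a key the proxy presumably did not recognise, and nothing visible in either patch would have caught that. How the proxy handles an unrecognised key is not shown; if it ignores it, the placement restriction silently does not apply, so the manifest should be validated against the platform's schema in CI and the unknown-key behaviour confirmed to fail closed. Both patches carry the same subject line, so the reason for the rename is not recorded; a sentence in the commit body naming the key the proxy expects would help. The singular `header` still takes an array value, which is worth checking against the same schema.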