From b85a63fee9291c907d7a7ade5eec02d2a9fc42f7 Mon Sep 17 00:00:00 2001
From: Paul Hutchinson <paulhappyhutchinson@protonmail.ch>
Date: Mon, 17 Nov 2025 13:35:28 +0000
Subject: [PATCH] [feature] SC-166737/improve app proxy security by restricting
 where token replacements can go

---
 manifest.json    | 13 +++++++++++--
 src/constants.ts |  4 ++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/manifest.json b/manifest.json
index 612468b..3e9780d 100644
--- a/manifest.json
+++ b/manifest.json
@@ -92,12 +92,21 @@
       {
         "url": "https://api.linear.app/oauth/.*",
         "methods": ["POST"],
-        "timeout": 20
+        "timeout": 20,
+        "settingInjections": {
+          "client_id": {
+            "body": ["client_id"]
+          },
+          "client_secret": {
+            "body": ["client_secret"]
+          }
+        }
       },
       {
         "url": "https://api.linear.app/graphql",
         "methods": ["POST"],
-        "timeout": 20
+        "timeout": 20,
+        "settingInjections": {}
       }
     ]
   }
diff --git a/src/constants.ts b/src/constants.ts
index 8f802b2..23a6242 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -23,12 +23,12 @@ export const placeholders = {
   ACCESS_TOKEN: `[user[${ACCESS_TOKEN_PATH}]]`,
   CLIENT_ID: "__client_id__",
   CLIENT_SECRET: "__client_secret__",
-};
+} as const;
 
 export const DESKPRO_LABEL = {
   name: "Deskpro",
   color: lightTheme.colors.brandSecondary,
-};
+} as const;
 
 export const GLOBAL_CLIENT_ID = '84426e34c22e0b0b63eb05f3987fc2d4';