From 57132c072b6bae340e16f9afc4429b807009997f Mon Sep 17 00:00:00 2001
From: Utsav Patel <utsav.patel1512@outlook.com>
Date: Mon, 8 Dec 2025 22:11:30 +0530
Subject: [PATCH 1/3] Fix: QA issues

---
 assets/src/admin/patterns/components/SiteSelection.js | 2 ++
 assets/src/components/SiteModal.js                    | 3 ++-
 assets/src/hooks/useSitesManagement.js                | 1 +
 inc/Modules/Core/Rest.php                             | 1 +
 inc/Modules/Rest/Abstract_REST_Controller.php         | 8 ++++++++
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/assets/src/admin/patterns/components/SiteSelection.js b/assets/src/admin/patterns/components/SiteSelection.js
index 306a0f9..848c60a 100644
--- a/assets/src/admin/patterns/components/SiteSelection.js
+++ b/assets/src/admin/patterns/components/SiteSelection.js
@@ -93,10 +93,12 @@ const SiteSelection = ( {
 			} )
 			.map( ( site ) => site.id );
 
+		setIsSiteSelected( selectableSiteIds.length > 0 );
 		editPost( { meta: { brand_site: selectableSiteIds } } );
 	};
 
 	const deselectAllSites = () => {
+		setIsSiteSelected( false );
 		editPost( { meta: { brand_site: [] } } );
 	};
 
diff --git a/assets/src/components/SiteModal.js b/assets/src/components/SiteModal.js
index d61e8e5..237815d 100644
--- a/assets/src/components/SiteModal.js
+++ b/assets/src/components/SiteModal.js
@@ -110,12 +110,13 @@ const SiteModal = ( { formData, setFormData, onSubmit, onClose, editing, origina
 		try {
 			// Perform health-check
 			const healthCheck = await fetch(
-				`${ formData.url }/wp-json/onedesign/v1/health-check`,
+				`${ formData.url }/wp-json/onedesign/v1/health-check?timestamp=${ Date.now() }`,
 				{
 					method: 'GET',
 					headers: {
 						'Content-Type': 'application/json',
 						'X-OneDesign-Token': formData.api_key,
+						'X-OneDesign-Source': 'Settings',
 					},
 				},
 			);
diff --git a/assets/src/hooks/useSitesManagement.js b/assets/src/hooks/useSitesManagement.js
index 860e362..34b5ded 100644
--- a/assets/src/hooks/useSitesManagement.js
+++ b/assets/src/hooks/useSitesManagement.js
@@ -38,6 +38,7 @@ const useSitesManagement = ( { NONCE, API_NAMESPACE } ) => {
 								headers: {
 									'Content-Type': 'application/json',
 									'X-OneDesign-Token': siteApiKey,
+									'X-OneDesign-Source': 'Patterns-Templates-Sharing',
 								},
 							},
 						);
diff --git a/inc/Modules/Core/Rest.php b/inc/Modules/Core/Rest.php
index e691da2..1bc7210 100644
--- a/inc/Modules/Core/Rest.php
+++ b/inc/Modules/Core/Rest.php
@@ -40,6 +40,7 @@ public function allowed_cors_headers( $headers ): array {
 			$headers,
 			[
 				'X-OneDesign-Token',
+				'X-OneDesign-Source',
 			]
 		);
 	}
diff --git a/inc/Modules/Rest/Abstract_REST_Controller.php b/inc/Modules/Rest/Abstract_REST_Controller.php
index 0a827df..41b6c78 100644
--- a/inc/Modules/Rest/Abstract_REST_Controller.php
+++ b/inc/Modules/Rest/Abstract_REST_Controller.php
@@ -101,6 +101,14 @@ public function check_api_permissions( $request ) {
 		// If it's a healthcheck with no governing site, allow it and set the governing site.
 		if ( empty( $governing_site_url ) ) {
 			if ( '/' . $this->namespace . '/health-check' === $request->get_route() ) {
+
+				// Need to check x-onedesign-source header to confirm request source is from settings page as we are performing health check before sharing patterns/templates.
+				$source = $request->get_header( 'X_ONEDESIGN_SOURCE' );
+				$source = ! empty( $source ) ? sanitize_text_field( wp_unslash( $source ) ) : '';
+				if ( 'Settings' !== $source ) {
+					return false;
+				}
+
 				Settings::set_parent_site_url( $request_origin );
 				return true;
 			}

From af50029e88906504c7071f4768068081ff65cd33 Mon Sep 17 00:00:00 2001
From: Utsav Patel <utsav.patel1512@outlook.com>
Date: Mon, 8 Dec 2025 22:24:17 +0530
Subject: [PATCH 2/3] fix: headers code

---
 inc/Modules/Core/Rest.php | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/inc/Modules/Core/Rest.php b/inc/Modules/Core/Rest.php
index 1bc7210..a98a5c2 100644
--- a/inc/Modules/Core/Rest.php
+++ b/inc/Modules/Core/Rest.php
@@ -31,17 +31,21 @@ public function register_hooks(): void {
 	 * @return array<int, string> Modified headers.
 	 */
 	public function allowed_cors_headers( $headers ): array {
-		// Skip if the headers are already present.
-		if ( in_array( 'X-OneDesign-Token', $headers, true ) ) {
-			return $headers;
+
+		$headers_to_add = [
+			'X-OneDesign-Token',
+			'X-OneDesign-Source',
+		];
+
+		// Only add headers that aren't already present.
+		foreach ( $headers_to_add as $header ) {
+			if ( in_array( $header, $headers, true ) ) {
+				continue;
+			}
+
+			$headers[] = $header;
 		}
 
-		return array_merge(
-			$headers,
-			[
-				'X-OneDesign-Token',
-				'X-OneDesign-Source',
-			]
-		);
+		return $headers;
 	}
 }

From 390291702dd3ce1edfa75619343837151d1f995d Mon Sep 17 00:00:00 2001
From: Utsav Patel <utsav.patel1512@outlook.com>
Date: Thu, 11 Dec 2025 17:44:05 +0530
Subject: [PATCH 3/3] Fix: show more issue

---
 assets/src/admin/templates/components/TemplateModal.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/assets/src/admin/templates/components/TemplateModal.js b/assets/src/admin/templates/components/TemplateModal.js
index 7ee79ee..771d1f0 100644
--- a/assets/src/admin/templates/components/TemplateModal.js
+++ b/assets/src/admin/templates/components/TemplateModal.js
@@ -380,7 +380,7 @@ const TemplateModal = () => {
 												template.title.toLowerCase().includes( searchQuery.toLowerCase() ) ||
 											( template.description && template.description.toLowerCase().includes( searchQuery.toLowerCase() ) ),
 											) }
-											currentPage={ 1 }
+											currentPage={ currentPage }
 											PER_PAGE={ PER_PAGE }
 											selectedTemplates={ selectedTemplates }
 											handleTemplateSelection={ handleTemplateSelection }