Don't show perf & export cards for invalid (client error) requests

pimterry · pimterry · commit 900a8750ff73 · 2024-06-26T19:11:52.000+02:00
Without this, it's possible to send an invalid request, that will then
generate a code export with an invalid (and in some cases potentially
dangerous, since httpsnippet assumes header keys are valid when
escaping) code snippet.

There's no good reason to export code that will send a totally
unparseable request, and any perf information is probably invalid anyway
since the request hasn't completed the normal request processing etc
(this is more debateable, but personally I'd be surprised if many users
are interested in the performance of invalid requests).
diff --git a/src/components/view/http/http-details-pane.tsx b/src/components/view/http/http-details-pane.tsx
@@ -180,7 +180,7 @@ export class HttpDetailsPane extends React.Component<{
 
         const errorType = tagsToErrorType(tags);
 
-        if (errorType) {
+        if (errorType && !exchange.hideErrors) {
             return <HttpErrorHeader type={errorType} {...errorHeaderProps} />;
         } else {
             return null;
@@ -345,18 +345,21 @@ export class HttpDetailsPane extends React.Component<{
             }
         }
 
-        if (exchange.isWebSocket() && exchange.wasAccepted()) {
-            cards.push(this.renderWebSocketMessages(exchange));
-
-            if (exchange.closeState) {
-                cards.push(<WebSocketCloseCard
-                    {...this.cardProps.webSocketClose}
-                    theme={uiStore!.theme}
-                    closeState={exchange.closeState}
-                />);
+        if (exchange.isWebSocket()) {
+            if (exchange.wasAccepted()) {
+                cards.push(this.renderWebSocketMessages(exchange));
+
+                if (exchange.closeState) {
+                    cards.push(<WebSocketCloseCard
+                        {...this.cardProps.webSocketClose}
+                        theme={uiStore!.theme}
+                        closeState={exchange.closeState}
+                    />);
+                }
             }
-        } else {
-            // We only show performance & export for non-websockets, for now:
+        } else if (!exchange.tags.some(tag => tag.startsWith('client-error:'))) {
+            // We show perf & export only for valid requests, and never for
+            // websockets (at least for now):
 
             // Push all cards below this point to the bottom
             cards.push(<CardDivider key='divider' />);
@@ -503,14 +506,7 @@ export class HttpDetailsPane extends React.Component<{
     @action.bound
     private ignoreError() {
         const { exchange } = this.props;
-
-        // Drop all error tags from this exchange
-        exchange.tags = exchange.tags.filter(t =>
-            !t.startsWith('passthrough-error:') &&
-            !t.startsWith('passthrough-tls-error:') &&
-            !t.startsWith('client-error:') &&
-            !['header-overflow', 'http-2'].includes(t)
-        );
+        exchange.hideErrors = true;
     }
 
 };
diff --git a/src/model/http/exchange.ts b/src/model/http/exchange.ts
@@ -230,6 +230,9 @@ export class HttpExchange extends HTKEventBase {
     @observable
     public tags: string[];
 
+    @observable
+    public hideErrors = false; // Set to true when errors are ignored for an exchange
+
     @computed
     get httpVersion() {
         return this.request.httpVersion === '2.0' ? 2 : 1;
