From a8176d6e9e6002461bde7c9de7590b0f04cd7bc0 Mon Sep 17 00:00:00 2001 From: Gregory Schier Date: Mon, 9 Feb 2026 10:17:43 -0800 Subject: [PATCH] Skip disabled key-value entries during request rendering Skip disabled headers, metadata, URL parameters, and form body entries in the render phase for HTTP, gRPC, and WebSocket requests. Previously, disabled entries were still template-rendered even though they were filtered out later at the use site. --- crates-tauri/yaak-app/src/render.rs | 72 +++++++++++++++++++++++++++++ crates/yaak-ws/src/render.rs | 6 +++ 2 files changed, 78 insertions(+) diff --git a/crates-tauri/yaak-app/src/render.rs b/crates-tauri/yaak-app/src/render.rs index f5ad8fad..e63f525f 100644 --- a/crates-tauri/yaak-app/src/render.rs +++ b/crates-tauri/yaak-app/src/render.rs @@ -38,6 +38,9 @@ pub async fn render_grpc_request( let mut metadata = Vec::new(); for p in r.metadata.clone() { + if !p.enabled { + continue; + } metadata.push(HttpRequestHeader { enabled: p.enabled, name: parse_and_render(p.name.as_str(), vars, cb, &opt).await?, @@ -119,6 +122,7 @@ pub async fn render_http_request( let mut body = BTreeMap::new(); for (k, v) in r.body.clone() { + let v = if k == "form" { strip_disabled_form_entries(v) } else { v }; body.insert(k, render_json_value_raw(v, vars, cb, &opt).await?); } @@ -161,3 +165,71 @@ pub async fn render_http_request( Ok(HttpRequest { url, url_parameters, headers, body, authentication, ..r.to_owned() }) } + +/// Strip disabled entries from a JSON array of form objects. +fn strip_disabled_form_entries(v: Value) -> Value { + match v { + Value::Array(items) => Value::Array( + items + .into_iter() + .filter(|item| item.get("enabled").and_then(|e| e.as_bool()).unwrap_or(true)) + .collect(), + ), + v => v, + } +} + +#[cfg(test)] +mod tests { + use super::*; + use serde_json::json; + + #[test] + fn test_strip_disabled_form_entries() { + let input = json!([ + {"enabled": true, "name": "foo", "value": "bar"}, + {"enabled": false, "name": "disabled", "value": "gone"}, + {"enabled": true, "name": "baz", "value": "qux"}, + ]); + let result = strip_disabled_form_entries(input); + assert_eq!( + result, + json!([ + {"enabled": true, "name": "foo", "value": "bar"}, + {"enabled": true, "name": "baz", "value": "qux"}, + ]) + ); + } + + #[test] + fn test_strip_disabled_form_entries_all_disabled() { + let input = json!([ + {"enabled": false, "name": "a", "value": "b"}, + {"enabled": false, "name": "c", "value": "d"}, + ]); + let result = strip_disabled_form_entries(input); + assert_eq!(result, json!([])); + } + + #[test] + fn test_strip_disabled_form_entries_missing_enabled_defaults_to_kept() { + let input = json!([ + {"name": "no_enabled_field", "value": "kept"}, + {"enabled": false, "name": "disabled", "value": "gone"}, + ]); + let result = strip_disabled_form_entries(input); + assert_eq!( + result, + json!([ + {"name": "no_enabled_field", "value": "kept"}, + ]) + ); + } + + #[test] + fn test_strip_disabled_form_entries_non_array_passthrough() { + let input = json!("just a string"); + let result = strip_disabled_form_entries(input.clone()); + assert_eq!(result, input); + } +} diff --git a/crates/yaak-ws/src/render.rs b/crates/yaak-ws/src/render.rs index 1b9c8961..151b41fd 100644 --- a/crates/yaak-ws/src/render.rs +++ b/crates/yaak-ws/src/render.rs @@ -16,6 +16,9 @@ pub async fn render_websocket_request( let mut url_parameters = Vec::new(); for p in r.url_parameters.clone() { + if !p.enabled { + continue; + } url_parameters.push(HttpUrlParameter { enabled: p.enabled, name: parse_and_render(&p.name, vars, cb, opt).await?, @@ -26,6 +29,9 @@ pub async fn render_websocket_request( let mut headers = Vec::new(); for p in r.headers.clone() { + if !p.enabled { + continue; + } headers.push(HttpRequestHeader { enabled: p.enabled, name: parse_and_render(&p.name, vars, cb, opt).await?,