add clear requests functionality with confirmation prompt#9
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a “clear captured requests” action to Tiny RequestBin’s web UI, backed by a new API endpoint to wipe the in-memory request store.
Changes:
- Add i18n strings and UI controls (Clear + Refresh) in the left “Captured Requests” panel.
- Implement client-side clear flow with a two-step confirmation state.
- Add a new
POST /api/requests/clearendpoint that resets the request store.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| templates/main.tmpl | Adds Clear/Refresh buttons and related JS logic + new translation keys. |
| main.go | Routes and implements /api/requests/clear to wipe stored requests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -430,36 +439,77 @@ | |||
| toggleManualRefreshButton(); | |||
There was a problem hiding this comment.
toggleManualRefreshButton() is still called in the auto-refresh checkbox handler, but the function (and the old manualRefreshButton) was removed. This will throw a ReferenceError on change and can break subsequent JS initialization. Either remove this call entirely or replace it with new logic that toggles the visibility/disabled state of the current refresh control (listRefreshButton) when auto-refresh is enabled.
| toggleManualRefreshButton(); | |
| // Disable manual list refresh when auto-refresh is enabled | |
| if (typeof listRefreshButton !== 'undefined' && listRefreshButton) { | |
| listRefreshButton.disabled = checkbox.checked; | |
| } |
| 'clear_requests': 'Clear', | ||
| 'confirm': 'Confirm', | ||
| 'clear_confirm': 'Clear all captured requests?', |
There was a problem hiding this comment.
The new i18n key clear_confirm is added for both languages but never used anywhere in the template/script. Either wire it into the UI (e.g., a tooltip/inline prompt/modal text) or remove it to avoid dead/unused translation entries that will drift over time.
| clearConfirmTimer = setTimeout(resetClearButton, 2500); | ||
| return; | ||
| } | ||
|
|
There was a problem hiding this comment.
The confirmation timeout (clearConfirmTimer) isn’t cleared when the user proceeds with the actual clear (second click). If the POST takes longer than 2.5s, the timer can fire mid-request and reset the button UI while it’s disabled/in-flight. Clear the timeout when entering the “submit clear” branch (and optionally call resetClearButton() only after the request completes/fails).
| if (clearConfirmTimer) { | |
| clearTimeout(clearConfirmTimer); | |
| clearConfirmTimer = null; | |
| } |
| func clearRequestsHandler(w http.ResponseWriter, r *http.Request) { | ||
| if r.Method != http.MethodPost { | ||
| w.Header().Set("Allow", http.MethodPost) | ||
| http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed) | ||
| return | ||
| } |
There was a problem hiding this comment.
/api/requests/clear introduces a destructive action that can be triggered by any POST request to the server (including cross-site requests to a locally running instance). Consider adding a same-origin check (validate Origin/Referer) and/or requiring a per-session token/custom header to reduce CSRF-style drive-by clears when the service is bound to 0.0.0.0.
1 participant
No description provided.