Skip to content

[RateLimiter] the standard "X-RateLimit-Limit" HTTP header is not easy to implement #38489

New issue
New issue
Closed
#38608
Closed
[RateLimiter] the standard "X-RateLimit-Limit" HTTP header is not easy to implement#38489
#38608
Labels
FeatureRateLimiter
@kbond

Description

@kbond
kbond
opened on Oct 8, 2020

Description
With request rate limiting, a common paradigm is to provide X-RateLimit-Remaining, X-RateLimit-Reset and X-RateLimit-Limit HTTP headers as useful information to the client. See Github and Laravel. Also, the RateLimit Header RFC defines these.

Currently, the component allows us to easily add X-RateLimit-Remaining, X-RateLimit-Reset but not X-RateLimit-Limit:

$limit = $limiter->consume();

$response->headers->add([
    'X-RateLimit-Remaining' => $limit->getRemainingTokens(),
    'X-RateLimit-Reset' => $limit->getRetryAfter()->getTimestamp(),
    'X-RateLimit-Limit' => // ???
]);

An attempt was made in #38257 to add via Limit::getMetadata() but ultimately rejected. The problem is while with the FixedWindowLimiter, the Limit is a clear value, with the TokenBucketLimiter it is a little fuzzy what it should be (perhaps the burst size?). Even the RFC is a little vague on this.

I'd like to reopen the discussion on this. Ping @nicolas-grekas, @wouterj

Metadata

Metadata

Assignees

No one assigned

    Labels

    FeatureRateLimiter

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      pFad - Phonifier reborn

      Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

      Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


      Alternative Proxies:

      Alternative Proxy

      pFad Proxy

      pFad v3 Proxy

      pFad v4 Proxy