Hiding / Removing the "X-Rate-Limit-Limit" and other headers

[eliyahu2]

Is there a way to hide those in the response or are those required? what are they used for? there is no documentation for why they are set besides a simple note...

Plus, trying to remove them in "onReponse" by setting them to null doesn't work, how can it be done?

Thanks

[marcuspoehls]

@eliyahu2 Hey, the X-Rate-Limit-* headers can be used to check your rate limit. For example, if you don’t have any -Remaining requests, you can calculate the number of seconds using -Reset until you can send another request that won’t be rate-limited.

Does that answer your question?

[eliyahu2]

Hi! Thank you for your quick response, actually We're looking to know:

1. Can the X-Rate-Limit-* flags be removed? is it crucial for the rate limiter to work?

2. In the case that it can be removed, how can it be done? We've tried settings the response.header('X-Rate-Limit-Limit', null) during the "OnPreResponse" stage of hapi but it can still be shown in the browser.

Thank you very much for your assistance

[marcuspoehls]

@eliyahu2 At this point, there’s no option to disable the rate-limiting headers when rate-limiting applies to a route. If I remember correctly, this plugin won’t set these response headers if a route is not rate-limited.

My approach to remove the headers if you don’t want them:

• register an onPreResponse extension point after the hapi-rate-limitor plugin has been registered
• your extension point will then be called after the plugin
• in your extension point, remove the response headers you don’t want
• you can have a look at the assignHeaders method of this plugin how to set a response header in hapi
• you can reset a response header by setting the value to null or undefined

[eliyahu2]

@marcuspoehls Thanks That's very helpful!

[marcuspoehls]

Nice 😊🤜🤛

[marcuspoehls]

@eliyahu2 I saw you reopened this issue. Do you need help?