go-chi / httprate

net/http rate limiter middleware
MIT License

Allows limiter headers to be written via setting instead of sending them at all times #15 #16

Closed go-aegian closed 3 months ago

go-aegian commented 2 years ago

The headers output by this middleware "X-RateLimit-Limit", "X-RateLimit-Remaining", "X-RateLimit-Reset", "Retry-After" should be output depending on a configuration for it.

mwodrich commented 1 year ago

This PR would be very useful to me!

pkieltyka commented 1 year ago

@mwodrich so the request here is to make the response headers with ratelimit info optional? such that, the rate limits aren't returned to the client, and are invisible to clients...?

just wondering why you guys would like this?

mwodrich commented 1 year ago

These headers are very useful for coordinating rates with a cooperative client that just needs to bound resource usage over time, but in a scenario where the rate limits are set to limit the impact of malicious actors, I don't believe it is valuable or appropriate to give them any information about the state or configuration of the rate limiter.

pkieltyka commented 1 year ago

Indeed, makes sense.

VojtechVitek commented 7 months ago

@go-aegian I think it'd be fine to accept the new func WithHeaders(on bool) Option {}, though :)

VojtechVitek commented 3 months ago

Please see https://github.com/go-chi/httprate/pull/31.

You can now omit all headers via:

httprate.Limit(
    1000,
    time.Minute,
    httprate.WithResponseHeaders(httprate.ResponseHeaders{}),
)

You can also customize or omit individual headers:

httprate.Limit(
    1000,
    time.Minute,
    httprate.WithResponseHeaders(httprate.ResponseHeaders{
        Limit:      "", // omit
        Remaining:  "", // omit
        Increment:  "", // omit
        Reset:      "X-RateLimit-Reset",
        RetryAfter: "Retry-After",
    }),
)
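An alternative that works with any limiter middleware is to strip the headers in a wrapper placed outside the limiter; the following is an added example, not code from httprate or from the participants in this thread. It uses only the standard library, and `HideRateLimitHeaders`, `scrubWriter`, `fakeLimiter` and `probe` are hypothetical names, with `fakeLimiter` a constructed stand-in for a limiter that rejects a request.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Headers named in the thread that expose limiter configuration or state.
var hidden = []string{"X-RateLimit-Limit", "X-RateLimit-Remaining", "X-RateLimit-Reset"}

// scrubWriter deletes the hidden headers before the response header is sent.
type scrubWriter struct{ http.ResponseWriter }

func (w *scrubWriter) scrub() {
	for _, h := range hidden {
		w.Header().Del(h)
	}
}
func (w *scrubWriter) WriteHeader(code int)        { w.scrub(); w.ResponseWriter.WriteHeader(code) }
func (w *scrubWriter) Write(b []byte) (int, error) { w.scrub(); return w.ResponseWriter.Write(b) }

// HideRateLimitHeaders must sit outside the limiter in the middleware chain.
func HideRateLimitHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sw := &scrubWriter{w}
		next.ServeHTTP(sw, r)
		sw.scrub() // covers handlers that return without writing anything
	})
}

// fakeLimiter is a constructed stand-in for a limiter rejecting a request.
func fakeLimiter(w http.ResponseWriter, r *http.Request) {
	for _, h := range hidden {
		w.Header().Set(h, "1") // constructed value
	}
	w.Header().Set("Retry-After", "30")
	http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
}

func probe(h http.Handler) *http.Response { // one request through h, recorded
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Result()
}

func main() {
	res := probe(HideRateLimitHeaders(http.HandlerFunc(fakeLimiter)))
	fmt.Println(res.StatusCode, res.Header)
}
```

The wrapper does not forward `http.Flusher` or `http.Hijacker`, so handlers that stream or hijack the connection need those methods added.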