Open nfriedly opened 1 year ago
Current draft uses the syntax of structured fields for the two header fields. The RateLimit-Policy is one or more sf-Items which are comma delimited. However, sf-Items can have parameters which are semi-colon delimited. The RateLimit header uses a sf-dictionary which is a comma delimited list of key-value pairs.
Based on conversations at the last IETF117 the latest proposal is to make both fields an sf-item. I had attempted to update the PR here https://github.com/ietf-wg-httpapi/ratelimit-headers/pull/130.
The basic idea looks like this:
RateLimit-Policy: somepolicy;l=10000;w=1000 // l=limit w=window
RateLimit: somepolicy;r=500;t=10 // r=remaining t=reset
I noticed that the latest draft uses semicolons to separate things in the RateLimit-Policy header, and commas (and spaces) to separate things in the RateLimit header.
In addition to seeming oddly inconsistent, the commas can lead to confusion (or at least trickier parsing), because RFC 2616 allows for multiples of the same header to be combined with commas separating the values.
(fetch() does exactly this when reading headers on responses. It made cookie parsing a bit of a burden until they finally added a special function for getting uncombined cookie headers.)
Because of that, I would generally recommend avoiding commas, when possible.
(I like the way separate policies are comma-separated, though, because combining multiple policy headers wouldn't lead to confusion in parsing any particular policy.)
Along the same lines of consistency: limit, remaining, reset, burst, and comment are all spelled out, so why is window abbreviated to w and limit is not even labeled in the RateLimit-Policy header?
Furthermore, if all the fields were labeled, then why would they even need to be in separate headers? If we combined the two headers, gave every field consistent labeling, and separated fields with semicolons, I think it could be a significant improvement.
Then servers with multiple rate limits would be easier to understand because it would be clear which policy matched which limit. They could either have one header per policy, or they could be combined into a single RateLimit header with each limit/policy separated by commas.
What do you think?
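The comma-combining concern discussed in this thread, as an added example that is not part of the original issue or the draft: two RateLimit header lines are joined the way fetch() exposes them, then parsed in the dictionary style and in the item-with-parameters style. The header values are constructed, "otherpolicy" is a hypothetical name, and the parsers are simplified (integer values only), not full Structured Fields parsers.

```javascript
// Added example: not code from the draft or from this thread.
// Simplified parsing (integer values only), not a full Structured Fields parser.

// Combine repeated header lines the way fetch() exposes them: joined with ", ".
function combine(name, values) {
  if (typeof Headers === "undefined") return values.join(", "); // fallback for old runtimes
  const h = new Headers();
  for (const v of values) h.append(name, v);
  return h.get(name);
}

// Dictionary style: comma-delimited key=value pairs.
// A repeated key overwrites the earlier one, so the first limit's values are lost.
function parseDictionary(value) {
  const out = {};
  for (const member of value.split(",")) {
    const [k, v] = member.trim().split("=");
    out[k] = Number(v);
  }
  return out;
}

// Item style: commas separate policies, semicolons separate each policy's parameters.
function parseItems(value) {
  return value.split(",").map((item) => {
    const [name, ...params] = item.trim().split(";");
    const parsed = { policy: name };
    for (const p of params) {
      const [k, v] = p.trim().split("=");
      parsed[k] = Number(v);
    }
    return parsed;
  });
}

// Constructed sample: one server enforcing two limits, one header line per limit.
const dictLines = ["limit=100, remaining=50, reset=30", "limit=1000, remaining=900, reset=3600"];
const itemLines = ["somepolicy;r=500;t=10", "otherpolicy;r=20;t=1"]; // "otherpolicy" is hypothetical

const dictResult = parseDictionary(combine("RateLimit", dictLines));
const itemResult = parseItems(combine("RateLimit", itemLines));

console.log(dictResult); // only the second limit survives the merge
console.log(itemResult); // both policies are recovered, each with its own r and t
```

A client that throttles on the merged dictionary value sees only the last limit, which matters when the first one is the tighter of the two.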