search

librariesio / libraries.io

:books: The Open Source Discovery Service
https://libraries.io
GNU Affero General Public License v3.0
1.1k stars 206 forks source link

Re-add rate-limit headers back to non-rate-limited responses. #3351

Closed tiegz closed 3 months ago

tiegz commented 3 months ago

before https://github.com/librariesio/libraries.io/pull/3277 , we served X-RateLimit-Limit and X-RateLimit-Remaining headers in non-rate-limited responses to transmit info about rate-limiting to clients.

after https://github.com/librariesio/libraries.io/pull/3277 , those successful response headers were removed, and we added RateLimit-Limit, RateLimit-Remaining, and RateLimit-Reset headers to non-rate-limited responses, so unfortunately clients could no longer track their usage in successful responses.

these changes bring back the former non-rate-limited headers, and also prefix the rate-limited headers with X- since those headers are not quite a standard yet, at time of writing: https://www.ietf.org/archive/id/draft-ietf-httpapi-ratelimit-headers-07.html .

Example:

# Non-rate-limited API response
HTTP/1.1 200 OK
...
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 3
X-RateLimit-Reset: 57
...

# Rate-limited API response
HTTP/1.1 429 Too Many Requests
...
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 54
Retry-After: 54
...

NOTE: I've only added the non-rate-limited headers to API responses. Do we want to include them for Web responses too?

closes https://github.com/librariesio/libraries.io/issues/3283

chris48s commented 3 months ago

thanks for getting this sorted :+1: