Commas, and potentially combining RateLimit and RateLimit-Policy #131

Open
nfriedly opened this issue Aug 22, 2023 · 1 comment

nfriedly commented Aug 22, 2023

I noticed that the latest draft uses semicolons to separate things in the RateLimit-Policy header, and commas (and spaces) to separate things in the RateLimit header.

In addition to seeming oddly inconsistent, the commas can lead to confusion (or at least trickier parsing), because RFC 2616 allows for multiples of the same header to be combined with commas separating the values.

(fetch() does exactly this when reading headers on responses. It made cookie parsing a bit of a burden until they finally added a special function for getting uncombined cookie headers.)

Because of that, I would generally recommend avoiding commas, when possible.

(I like the way separate policies are comma-separated, though, because combining multiple policy headers wouldn't lead to confusion in parsing any particular policy.)

Along the same lines of consistency: limit, remaining, reset, burst, and comment are all spelled out, so why is window abbreviated to w and limit not even labeled in the RateLimit-Policy header?

Furthermore, if all the fields were labeled, then why would they even need to be in separate headers? If we combined the two headers, gave every field consistent labeling, and separated fields with semicolons, I think it could be a significant improvement.

Then servers with multiple rate limits would be easier to understand because it would be clear which policy matched which limit. They could either have one header per policy, or they could be combined into a single RateLimit header with each limit/policy separated by commas.

What do you think?


darrelmiller commented Nov 6, 2023

Current draft uses the syntax of structured fields for the two header fields. The RateLimit-Policy is one or more sf-Items which are comma delimited. However, sf-Items can have parameters which are semi-colon delimited.

The RateLimit header uses a sf-dictionary which is a comma delimited list of key-value pairs.

Based on conversations at the last IETF117, the latest proposal is to make both fields an sf-item. I had attempted to update the PR here #130.

The basic idea looks like this:

RateLimit-Policy: somepolicy;l=10000;w=1000   // l=limit  w=window
RateLimit: somepolicy;r=500;t=10              // r=remaining  t=reset
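
An added illustration of the thread's parsing concern, not code from the draft or from either commenter: a simplified JavaScript parser for the item-with-parameters form above, showing that a value joined with ", " (as `fetch()` does for repeated headers) still splits cleanly and that each limit can be matched to its policy by name. The policy names `burst` and `daily`, the sample values, and the function names are assumptions of this example; the keys `l`, `w`, `r`, `t` are the ones from the comment above.

```javascript
// Simplified parser for the proposed form: tokens with integer parameters only.
// Not a full structured-fields parser (no quoted strings, decimals, booleans).

// Parse one member such as "somepolicy;l=10000;w=1000".
function parseItem(member) {
  const [name, ...params] = member.split(";").map((s) => s.trim());
  if (!/^[A-Za-z*][A-Za-z0-9_\-.:%*\/]*$/.test(name)) {
    throw new SyntaxError(`bad policy name: ${JSON.stringify(name)}`);
  }
  const parsed = { name, params: {} };
  for (const p of params) {
    const m = /^([a-z*][a-z0-9_\-.*]*)=(-?\d{1,15})$/.exec(p);
    if (!m) throw new SyntaxError(`bad parameter: ${JSON.stringify(p)}`);
    parsed.params[m[1]] = Number(m[2]);
  }
  return parsed;
}

// Parse a field value holding one or more members, whether the server sent
// one comma-separated line or several lines that the client joined with ", ".
// Rejecting a repeated policy name is this example's choice, to avoid ambiguity.
function parseField(value) {
  const out = new Map();
  for (const member of value.split(",")) {
    const item = parseItem(member);
    if (out.has(item.name)) throw new SyntaxError(`duplicate policy: ${item.name}`);
    out.set(item.name, item.params);
  }
  return out;
}

// Pair each RateLimit member with its RateLimit-Policy member by name.
function matchLimits(policyValue, limitValue) {
  const policies = parseField(policyValue);
  const result = [];
  for (const [name, state] of parseField(limitValue)) {
    const policy = policies.get(name);
    if (!policy) throw new Error(`RateLimit names unknown policy: ${name}`);
    result.push({ name, limit: policy.l, window: policy.w, remaining: state.r, reset: state.t });
  }
  return result;
}

// Constructed sample: two header lines of each kind, already joined with ", ".
const policyValue = "burst;l=100;w=60, daily;l=10000;w=86400";
const limitValue = "burst;r=0;t=12, daily;r=9500;t=3600";
console.log(matchLimits(policyValue, limitValue));
```
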
