Class: Gitlab::Middleware::RackAttackHeaders

Inherits:

Object

Object
Gitlab::Middleware::RackAttackHeaders

show all

Defined in:: lib/gitlab/middleware/rack_attack_headers.rb

Overview

Rack middleware that adds rate limit headers to all responses processed by Rack::Attack.

Unlike the default Rack::Attack behavior (which only adds headers to throttled requests), this middleware adds rate limit headers to ALL requests that have throttle data available and are not already rate-limited (i.e. HTTP status 429). This enables clients to proactively adjust their request rates before hitting limits, improving the overall user experience and reducing unnecessary 429 errors.

Integrates with RackAttack::RequestThrottleData to generate standardized rate limit headers.

When multiple throttles apply to a request, the most restrictive one (lowest remaining quota) is used for the headers.

Examples:

Typical request flow

# Request comes in -> Rack::Attack processes it -> This middleware adds headers
# Response: 200 OK
# Headers: RateLimit-Limit: 100, RateLimit-Remaining: 75, RateLimit-Reset: 1234567890, etc.

Constant Summary collapse

RACK_ATTACK_THROTTLE_DATA_KEY = Rack environment key where Rack::Attack stores throttle data

'rack.attack.throttle_data'

Instance Method Summary collapse

#call(env) ⇒ Array<Integer, Hash, Object>

Process the request and add rate limit headers if applicable.
#initialize(app) ⇒ RackAttackHeaders constructor

Initialize the middleware.

Constructor Details

#initialize(app) ⇒ `RackAttackHeaders`

Initialize the middleware

Parameters:

The Rack application



33
34
35

# File 'lib/gitlab/middleware/rack_attack_headers.rb', line 33

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ `Array<Integer, Hash, Object>`

Process the request and add rate limit headers if applicable