RawController Rate Limiter should not issue a 302 redirect but rather a 429 Too Many Requests
In https://gitlab.com/gitlab-org/gitlab-ce/issues/48717 / https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30635 we added rate limiting to the RawController endpoint.
This is a great improvement to prevent inadvertent overuse of the RawController endpoint by thundering herds of clients.
Currently, however, we issue an HTTP 302 when the rate limit kicks in. This needs to be changed to a 429 Too Many Requests.
Why?
- If clients are set to follow HTTP redirects, they will redirect to the "non-raw" Projects::BlobController HTML version of the endpoint, inadvertently leading to more load on our servers instead of less.
  - Aside: I suspect that many will follow redirects in this case as binary content downloads frequently redirect (eg to S3),
- Using the correct status codes makes it easier to track rate limiting events.
I imagine that this change should be relatively easy to make.
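
Added example (not from the issue or GitLab's code base): a Ruby simulation of the two points above, in which a redirect-following client hits a rate-limited raw endpoint that answers with either 302 or 429. The `Server` class, the paths, the limit of 3 and the `Retry-After` value are constructed assumptions.

```ruby
# Hypothetical model, not GitLab code: a raw endpoint that throttles after
# LIMIT requests and answers throttled requests with the configured status.
LIMIT = 3 # constructed: raw requests allowed per window

class Server
  attr_reader :hits

  def initialize(throttle_status)
    @throttle_status = throttle_status
    @hits = Hash.new(0) # requests handled, per path
    @raw_count = 0
  end

  # Returns [status, headers, body], Rack style.
  def call(path)
    @hits[path] += 1
    return [200, {}, "<html>blob page</html>"] if path.start_with?("/blob/")

    @raw_count += 1
    return [200, {}, "raw bytes"] if @raw_count <= LIMIT

    if @throttle_status == 302
      [302, { "Location" => path.sub("/raw/", "/blob/") }, ""]
    else
      [429, { "Retry-After" => "60" }, "Too Many Requests"] # constructed value
    end
  end
end

# A client that follows redirects, as many download clients do.
def fetch(server, path, max_redirects = 5)
  status, headers = server.call(path)
  while status == 302 && max_redirects > 0
    status, headers = server.call(headers["Location"])
    max_redirects -= 1
  end
  status
end

def simulate(throttle_status, requests: 10)
  server = Server.new(throttle_status)
  seen = Array.new(requests) { fetch(server, "/raw/master/file.bin") }
  blob = server.hits.sum { |path, n| path.start_with?("/blob/") ? n : 0 }
  { total_hits: server.hits.values.sum, blob_hits: blob, statuses: seen.tally }
end

[302, 429].each { |s| puts "#{s}: #{simulate(s)}" }
```

With 302 the throttled requests each cost a second hit on the HTML endpoint and the client only ever sees 200, so the throttling is invisible in its final status; with 429 the request count stays flat and every throttled request is countable by status code.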