RateLimit-* response headers missing in gitlab.com API
Summary
RateLimit response headers such as RateLimit-Remaining, RateLimit-Reset, Retry-After, etc. are missing from the gitlab.com API when hitting 429 errors.
Steps to reproduce
- Write a loop to hit a rate limit on one of the endpoints, e.g. /users/:id:. Need 300 requests/minute to hit the limit.
- Run an additional request and witness the headers missing.
Example Project
I'm using python-gitlab to access the GitLab API.
What is the current bug behavior?
RateLimit headers such as RateLimit-Remaining, RateLimit-Reset, Retry-After, etc. are missing from the gitlab.com API when hitting 429 errors.
What is the expected correct behavior?
According to the docs there should be response headers related to the rate limits: https://docs.gitlab.com/ee/user/admin_area/settings/user_and_ip_rate_limits.html#enable-authenticated-api-request-rate-limit
Relevant logs and/or screenshots
Log of response headers for a request hitting rate limit:
2022-06-20T11:14:05+0300 [DEBUG] urllib3.connectionpool - https://gitlab.com:443 "GET /api/v4/users/10821733/ HTTP/1.1" 429 89
send: b'GET /api/v4/users/10821733/ HTTP/1.1\r\nHost: gitlab.com\r\nUser-Agent: python-gitlab/3.5.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nPRIVATE-TOKEN: ***\r\nContent-type: application/json\r\n\r\n'
reply: 'HTTP/1.1 429 Too Many Requests\r\n'
header: Date: Mon, 20 Jun 2022 08:14:05 GMT
header: Content-Type: application/json
header: Content-Length: 89
header: Connection: keep-alive
header: Cache-Control: no-cache
header: Vary: Origin
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-Request-Id: 01G602T3RSA1HGKBB4NW2GD366
header: X-Runtime: 0.027737
header: Strict-Transport-Security: max-age=31536000
header: Referrer-Policy: strict-origin-when-cross-origin
header: GitLab-LB: fe-22-lb-gprd
header: GitLab-SV: api-gke-us-east1-c
header: CF-Cache-Status: DYNAMIC
header: Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
header: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jfa01qENyS5pkJ6u2UEIEYxEbSPMDM74JeI1wKLru9GbKCdcUe8iToj6SAIu4MO3V4KCe1L7Bgt4FcNdEAKQtK5KLZzg2srWszdc3aR1eB1nDBZd7zc4C2aF21d4h6hMAlD0MtJDGCo%3D"}],"group":"cf-nel","max_age":604800}
header: NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
header: Server: cloudflare
header: CF-RAY: 71e30c843d047d9e-TLV
Output of checks
This bug happens on GitLab.com. I haven't used nor tested the self-hosted version.
Results of GitLab environment info
This bug happens on GitLab.com. I haven't used nor tested the self-hosted version.
Results of GitLab application Check
This bug happens on GitLab.com. I haven't used nor tested the self-hosted version.
Possible fixes
If this is only a problem with the SaaS version and not self-hosted, it might be an issue with Cloudflare hiding some of the response headers.
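
A way to check a captured response for the headers this issue reports as missing, and to pick a retry delay when they are absent. This is an added example, not part of the original issue or of python-gitlab. The function names and the sample log are constructed, and it assumes Retry-After carries seconds and RateLimit-Reset a Unix timestamp, as described in the linked GitLab docs.

```python
import re

# Headers the issue names as expected on a 429 response.
EXPECTED = ("RateLimit-Remaining", "RateLimit-Reset", "Retry-After")

# Constructed sample in the same http.client debug format as the log above.
SAMPLE_LOG = """\
reply: 'HTTP/1.1 429 Too Many Requests\\r\\n'
header: Date: Mon, 20 Jun 2022 08:14:05 GMT
header: Content-Type: application/json
header: Server: cloudflare
"""

HEADER_RE = re.compile(r"^header:\s*([^:\s]+):\s*(.*)$")
STATUS_RE = re.compile(r"^reply: 'HTTP/\d\.\d (\d{3})")


def parse_debug_log(text):
    """Return (status, headers) from http.client debuglevel output."""
    status, headers = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = STATUS_RE.match(line)
        if m:
            status = int(m.group(1))
            continue
        m = HEADER_RE.match(line)
        if m:
            # Header names are case-insensitive, so normalise them.
            headers[m.group(1).lower()] = m.group(2).strip()
    return status, headers


def missing_rate_limit_headers(headers):
    """List the expected rate limit headers absent from the response."""
    return [h for h in EXPECTED if h.lower() not in headers]


def backoff_seconds(headers, now, attempt, base=1.0, cap=60.0):
    """Pick a wait: Retry-After, then RateLimit-Reset, else exponential."""
    retry_after = headers.get("retry-after", "")
    if retry_after.isdigit():  # integer seconds only; HTTP-date form is ignored
        return min(float(retry_after), cap)
    reset = headers.get("ratelimit-reset", "")
    if reset.isdigit():  # assumed Unix timestamp
        return min(max(float(reset) - now, 0.0), cap)
    # No rate limit headers at all, the case reported here.
    return min(base * 2 ** attempt, cap)
```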