RawController Rate Limiter should not issue a 302 redirect but rather a 429 Too Many Requests
In https://gitlab.com/gitlab-org/gitlab-ce/issues/48717 / https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/30635 we added rate limiting to the RawController endpoint.
This is a great improvement to prevent inadvertent overuse of the RawController endpoint by thundering herds of clients.
Currently, however, we issue an HTTP 302 when the rate limit kicks in. This needs to be changed to a 429 Too Many Requests.
Why?
- If clients are set to follow HTTP redirects, they will redirect to the "non-raw" Projects::BlobController HTML version of the endpoint, inadvertently leading to more load on our servers instead of less.
  - Aside: I suspect that many will follow redirects in this case as binary content downloads frequently redirect (e.g. to S3).
- Using the correct status codes makes it easier to track rate limiting events.
I imagine that this change should be relatively easy to make.
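
The load effect described above can be reproduced with a toy model. This is an added example, not GitLab code: the limit of 3, the `/raw/` to `/blob/` path rewrite, the sample path and the names `ToyApp`, `fetch` and `simulate` are all assumptions made for illustration.

```ruby
# Added illustration, not GitLab code. Limit, paths and names are constructed.
LIMIT = 3 # raw requests allowed per window (assumed value)

# Rack-style app: call(env) returns [status, headers, body].
class ToyApp
  attr_reader :hits

  def initialize(throttled_status)
    @throttled_status = throttled_status # 302 (current) or 429 (proposed)
    @raw_count = 0
    @hits = Hash.new(0) # kind of work done => number of requests
  end

  def call(env)
    path = env['PATH_INFO']
    unless path.include?('/raw/')
      @hits[:blob_html] += 1 # HTML blob page rendered for a redirected client
      return [200, {}, ['<html>blob page</html>']]
    end
    @raw_count += 1
    if @raw_count <= LIMIT
      @hits[:raw] += 1
      return [200, {}, ['file bytes']]
    end
    @hits[:throttled] += 1
    if @throttled_status == 302
      [302, { 'Location' => path.sub('/raw/', '/blob/') }, []]
    else
      [429, { 'Retry-After' => '60' }, ['Too Many Requests']]
    end
  end
end

# A client configured to follow redirects, as many download tools are.
def fetch(app, path, max_redirects: 5)
  status, headers, _body = app.call('PATH_INFO' => path)
  while status == 302 && max_redirects.positive?
    max_redirects -= 1
    status, headers, _body = app.call('PATH_INFO' => headers['Location'])
  end
  status
end

# Sends a burst of raw requests and reports what the client saw
# and how much work the server did.
def simulate(throttled_status, requests: 10)
  app = ToyApp.new(throttled_status)
  seen = Array.new(requests) { fetch(app, '/group/project/raw/master/file.bin') }
  { statuses: seen.tally, hits: app.hits }
end
```

With the 302 behaviour, every throttled request turns into a second request for the HTML page and the client only ever sees 200, so the limit is invisible in client-side status counts; with 429 the server handles no extra requests and the throttled responses are countable by status code.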