rack-throttle

Use HTTP Status 429 - Too Many Requests

Open olliebennett opened this issue 10 years ago • 9 comments

When throttling, it might be more accurate to return the following status code:

429 Too Many Requests

The user has sent too many requests in a given amount of time.

This is apparently intended for use with rate limiting schemes.

I realise that defaulting to this error code would be backwards incompatible, but I think this should be documented. I can provide a PR updating the README.

Related: #5 (which changed the default status code, rather than simply documenting it)

olliebennett, Oct 15 '15 17:10

👍

jstoup111, Apr 21 '16 17:04

👍 Yeah, 429 is a much better response. Also, we need some rate-limit-indicating headers like these: http://stackoverflow.com/a/16022625/228589

shishirsharma, Aug 19 '16 13:08

👍

subodhkhanduri-oyo, May 31 '17 12:05

How is this? 429 is a way better and more correct HTTP status code than 403. For clients it's too much to also identify this kind of response from the server, since 403 can mean a lot of things (most of the time: authenticated but not allowed), so it's harder for clients (such as a mobile application or a web page) to report this behavior to the user when this happens (for example, an application can have an error and send a lot of requests without the user realizing).

https://httpstatuses.com/403 https://httpstatuses.com/429

fidelisrafael, Aug 05 '17 17:08

It's pretty easy to use 429 if you want to: https://github.com/dryruby/rack-throttle/blob/v0.5.0/lib/rack/throttle/limiter.rb#L22. It's also documented in the README.

dentarg, Aug 17 '17 07:08

We're talking about the default status

fidelisrafael, Aug 17 '17 12:08

Oops, sorry, read too quickly. 👍

dentarg, Aug 17 '17 13:08

This still has the potential to break lots of people's setups if just done. I think it may be good to have this be listed as a deprecation for a period before deploying.

FreekingDean, Aug 18 '17 17:08

@FreekingDean Absolutely. Good point.

fidelisrafael, Aug 18 '17 17:08
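The behaviour requested in this thread, as an added example that is not rack-throttle's code and not from any participant: a stand-alone Rack-style limiter with a configurable throttle status and rate-limit headers, plus a client that shows why 429 is easier to act on than 403. `WindowLimiter`, `client_action` and `demo` are hypothetical names, and the `x-ratelimit-*` header names are a common convention assumed here.

```ruby
# Added example: a stand-alone Rack-style fixed-window limiter.
# WindowLimiter and client_action are hypothetical names, not rack-throttle API.
class WindowLimiter
  # code: is the status sent when throttling; pass 403 to keep the older behaviour.
  def initialize(app, max:, window:, code: 429, clock: -> { Time.now.to_i })
    @app, @max, @window, @code, @clock = app, max, window, code, clock
    @hits = {} # client id => [window_start, count]; in-memory, never pruned (demo only)
  end

  def call(env)
    now = @clock.call
    client = env["REMOTE_ADDR"] # assumption: one client per address (no proxy handling)
    start, count = @hits.fetch(client, [0, 0])
    start, count = now - (now % @window), 0 if now >= start + @window
    count += 1
    @hits[client] = [start, count]
    limit = { "x-ratelimit-limit" => @max.to_s,
              "x-ratelimit-remaining" => [@max - count, 0].max.to_s }
    if count > @max
      # Retry-After tells the client how many seconds remain in this window.
      headers = limit.merge("content-type" => "text/plain",
                            "retry-after" => (start + @window - now).to_s)
      return [@code, headers, ["Rate Limit Exceeded\n"]]
    end
    status, headers, body = @app.call(env)
    [status, headers.merge(limit), body]
  end
end

# Client side: 429 is unambiguous, 403 could be throttling or an authorization denial.
def client_action(status, headers)
  case status
  when 429 then [:wait, headers.fetch("retry-after", "1").to_i]
  when 403 then [:report_forbidden, nil]
  else [:ok, nil]
  end
end

# Constructed request and clock so the run is deterministic.
def demo(code)
  t = 1000
  app = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  limiter = WindowLimiter.new(app, max: 2, window: 60, code: code, clock: -> { t })
  env = { "REMOTE_ADDR" => "192.0.2.10" }
  3.times.map { t += 5; client_action(*limiter.call(env)[0, 2]) }
end
```

With `demo(429)` the third request tells the client to wait for the rest of the window; with `demo(403)` the same throttle is indistinguishable from a permission failure.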