🔥 feat: Support for disabling response headers in Limiter Middleware #3618
Conversation
WalkthroughA new boolean configuration option, Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant FiberApp
participant LimiterMiddleware
Client->>FiberApp: HTTP Request
FiberApp->>LimiterMiddleware: Invoke Limiter
LimiterMiddleware->>LimiterMiddleware: Check DisableHeaders
alt DisableHeaders = false
LimiterMiddleware->>FiberApp: Add X-RateLimit-* and Retry-After headers
else DisableHeaders = true
LimiterMiddleware->>FiberApp: Do not add headers
end
FiberApp->>Client: HTTP Response
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Poem
Note ⚡️ Unit Test Generation is now available in beta!Learn more here, or try it out under "Finishing Touches" below. 📜 Recent review detailsConfiguration used: CodeRabbit UI 📒 Files selected for processing (5)
✅ Files skipped from review due to trivial changes (2)
🚧 Files skipped from review as they are similar to previous changes (3)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
✨ Finishing Touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Summary of Changes
Hello @gaby, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request introduces a new configuration option for the rate limiter middleware, allowing users to disable the X-RateLimit-* response headers. This provides more flexibility for applications that may not want to expose these headers, giving developers more control over the HTTP response. I've updated the configuration, modified the limiter logic to respect this new setting, added documentation, and included a test to verify the functionality.
Highlights
- New Configuration Option: I've introduced a new
DisableHeadersboolean option to thelimiter.Configstruct, which defaults tofalse. This allows users to explicitly control whether rate limit headers are included in responses. - Conditional Header Setting: The
FixedWindowandSlidingWindowlimiter implementations have been updated to only set theX-RateLimit-Limit,X-RateLimit-Remaining, andX-RateLimit-Resetheaders if the newDisableHeadersoption isfalse. - Documentation Update: I've updated the
docs/middleware/limiter.mdfile to include documentation for the newDisableHeadersoption, explaining its purpose and default value. - New Test Case: A new test case,
Test_Limiter_Disable_Headers, has been added tomiddleware/limiter/limiter_test.goto ensure that whenDisableHeadersis set totrue, theX-RateLimit-*headers are correctly omitted from the response.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3618 +/- ##
=======================================
Coverage 91.04% 91.04%
=======================================
Files 112 112
Lines 11289 11289
=======================================
Hits 10278 10278
Misses 754 754
Partials 257 257
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Code Review
This pull request introduces a DisableHeaders option to the limiter middleware, allowing users to prevent X-RateLimit-* headers from being added to responses. The changes are well-implemented across the configuration, documentation, and both fixed and sliding window limiter implementations. A new test case is also added to verify the functionality. My feedback focuses on improving test quality and reducing code duplication for better long-term maintainability.
There was a problem hiding this comment.
Pull Request Overview
This PR introduces the ability to disable X-RateLimit-* response headers in the Limiter middleware by adding a new DisableHeaders configuration option.
- Adds
DisableHeadersboolean field to the Config struct with default valuefalse - Conditionally sets X-RateLimit headers only when
DisableHeadersisfalsein both fixed and sliding window implementations - Updates documentation to describe the new configuration option
- Adds comprehensive test coverage for the new functionality
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| middleware/limiter/config.go | Adds DisableHeaders field to Config struct and default configuration |
| middleware/limiter/limiter_fixed.go | Wraps header setting logic with DisableHeaders condition check |
| middleware/limiter/limiter_sliding.go | Wraps header setting logic with DisableHeaders condition check |
| middleware/limiter/limiter_test.go | Adds test case verifying headers are not set when DisableHeaders is true |
| docs/middleware/limiter.md | Documents the new DisableHeaders configuration option |
Comments suppressed due to low confidence (1)
middleware/limiter/limiter_test.go:764
- The function name uses underscores which is inconsistent with Go naming conventions. Consider renaming to 'TestLimiterDisableHeaders' to follow standard Go test naming patterns.
func Test_Limiter_Disable_Headers(t *testing.T) {
|
@gaby Should we include "HeaderRetryAfter" ? |
Done |
Summary
DisableHeadersoption for limiter middleware