Closed
Symfony version(s) affected: 5.2.x
Description
The SlidingWindowLimiter exposes a retry-after value intended for exposing to the user.
Instead of the time after which you can retry the current request (for when the request was rejected), the value represents when the current window will end. This is confusing as the limiter can potentially have a previous window set, in which case the retry-after is way sooner than expected.
How to reproduce
- Given a previous "full" 60-second 60-token window
- We're 12 seconds into the new window with already 12 tokens accounted for (that's 12 + 60*(0.8) = 60 tokens used)
- Given a 1-token costing consumer
- This would mean the `X-RateLimit-Retry-After`, as seen in the documentation linked above, would give a timestamp 48 seconds in the future, instead of the 1 second the limiter would need for the needed tokens to become available again
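
The arithmetic from the reproduction steps, as an added example (not code from the issue or from Symfony): a standalone PHP model that assumes usage is estimated as current hits plus the previous window's hits weighted by its remaining overlap, and compares the window-end value with the moment the requested tokens actually fit. All function names are hypothetical, and the rollover branch assumes the current window becomes the previous one when it ends.

```php
<?php
declare(strict_types=1);

// Added example: a standalone model, not Symfony's SlidingWindowLimiter code.
// Assumption (taken from the issue's arithmetic): usage = current hits +
// previous hits * share of the previous window still inside the sliding window.
function estimatedUsage(int $prevHits, int $curHits, int $elapsed, int $interval): float
{
    return $curHits + $prevHits * (1 - $elapsed / $interval);
}

// The value the issue describes: seconds until the current window ends.
function secondsUntilWindowEnd(int $elapsed, int $interval): int
{
    return $interval - $elapsed;
}

// Integer ceiling of $a / $b for $a >= 0 and $b > 0.
function ceilDiv(int $a, int $b): int
{
    return intdiv($a + $b - 1, $b);
}

// Seconds until $tokens fit under $limit, or null if they can never fit.
function secondsUntilTokensFit(int $limit, int $interval, int $prevHits, int $curHits, int $elapsed, int $tokens): ?int
{
    if ($tokens > $limit) {
        return null; // larger than the whole budget
    }
    $room = $limit - $curHits - $tokens; // weighted previous hits we can tolerate
    if ($room >= 0) {
        if ($prevHits <= $room) {
            return 0; // fits even if the previous window counted in full
        }
        // Smallest offset t with prevHits * (1 - t / interval) <= room.
        $fitsAt = ceilDiv($interval * ($prevHits - $room), $prevHits);
        return max(0, $fitsAt - $elapsed);
    }
    // Current window alone is too full: wait for rollover, then for its decay.
    $decay = ceilDiv($interval * ($curHits + $tokens - $limit), $curHits);
    return ($interval - $elapsed) + $decay;
}

// The issue's scenario: limit 60 per 60 s, previous window full (60 hits),
// 12 s into the current window with 12 hits, consumer asks for 1 token.
printf("estimated usage:       %.0f\n", estimatedUsage(60, 12, 12, 60));
printf("until window end:      %d s\n", secondsUntilWindowEnd(12, 60));
printf("until 1 token is free: %d s\n", secondsUntilTokensFit(60, 60, 60, 12, 12, 1));
```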