Skip to content

I suggest you ...

← General

Add Retry-After to Access-Control-Expose-Headers

When hitting a 429 response, a cross-origin request does not have access to the Retry-After header.

3 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Report…  ·  Admin →
declined  ·  AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded  · 

If the 429 is raised by the origin web server, you’ll get a retry-after. If you’ve been absolutely hammering the service and Cloudflare steps in and rate limits, you won’t get a retry-after from them.

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Report

    Thanks for your reply Troy, what you're saying is absolutely clear, what I mean though is that the retry-after header is not available if the request is done via ajax as a cross-origin http request. Only the values specified in "Access-Control-Expose-Headers" are available in the response. If it's the case that you have no control over that, I guess the only option is to hard-code the retry-after value, which kind of sucks :D

General

Categories

Feedback and Knowledge Base

(thinking…)