ThrottledError currently returns a 503, which in turn results into
badly-written spambots occasionally flooding our 5xx logs and graphs.
There is no reason, however, for ThrottledError to return a 5xx in the
first place: it's a user-generated error (user hitting a rate limit and
being throttled), not a server error. 5xx error codes in general have
many other implications, such as frontend caches treating this as a
backend failure and potentially retrying the same request, so they are
unsuitable and undesirable for the ThrottledError exception.
RFC 6585 (April 2012, updates: 2616) has added a special 4xx code
specifically for rate-limiting, 429 Too Many Requests. As the
description of that code matches exactly what ThrottledError was meant
for, switch it to using 429 instead.
Note that there is a chance 429 might be mistreated and not showed by
older or badly-written user agents as it's fairly new and not part of
RFC 2616, the original HTTP/1.1 spec. However, the last paragraph of
section 6.1.1 of RFC 2616, specifically covers the issue of UAs &
unknown status codes: it dictates that applications MUST understand the
class of any status code and treat them as the "x00 status code of that
class" (here: 400), MUST NOT be cached, and "SHOULD present to the user
the entity returned with the response, since that entity is likely to
include human-readable information which will explain the unusual
status".
Change-Id: I46335a76096ec800ee8ce5471bacffd41d2dc4f6
