initialize() has no HTTP timeout; can block requests when API is unreachable #56
Description
When initialize() is used to load features from the GrowthBook API, the SDK does not set any timeout on the HTTP request. If the GrowthBook API is unreachable or slow, the request can block for the full client default (e.g. 30+ seconds), which can take down applications for that duration.
Expected behaviour
The SDK should ensure this call does not wait indefinitely, for example by:
- Preferred: Applying a sensible default timeout (e.g. 1–2 seconds) when making the request, where the underlying client supports it (e.g. via a small decorator or by building a default client with a timeout when the SDK creates one).
- Alternative: Clearly documenting that the provided HTTP client must be configured with a timeout, and optionally providing a helper/factory that returns a client with a recommended timeout (e.g. Guzzle with
timeoutandconnect_timeout) so default setups are safe.
Impact
- Without a timeout, a single call to
initialize()on the request path can block the entire request when GrowthBook is down. - Under load, many requests can block for tens of seconds, causing an effective service outage
- We can work around this by passing a custom client with a short timeout and wrapping
initialize()in try/catch, but that should not be required for basic safety.