Jump to solution
Verify

aiohttp The default .netrc file in the home directory is no longer used (Fix)

Fixed
Spec
Package
aiohttp
Python
3.13
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-09
Own content ratio
0.64
#11713 ai auth caching latency Breaking Api Change Updated: 2026-02-13
Issue #11713

The Fix

Fixes the regression introduced in aiohttp v3.13.1 regarding netrc authentication by ensuring that credentials are loaded correctly when the NETRC environment variable is not set.

Based on closed aio-libs/aiohttp issue #11713 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Jump to Verify Open PR/Commit
@@ -0,0 +1 @@ @@ -0,0 +1 @@ +Fixed loading netrc credentials from the default :file:`~/.netrc` (:file:`~/_netrc` on Windows) location when the :envvar:`NETRC` environment variable is not set -- by :user:`bdraco`. diff --git a/CHANGES/11714.bugfix.rst b/CHANGES/11714.bugfix.rst new file mode 120000
repro.py
import aiohttp import asyncio async def main(): url = "https://httpbin.org/basic-auth/myuser/mypassword" async with aiohttp.ClientSession(trust_env=True) as session: async with session.get(url) as response: response.raise_for_status() asyncio.run(main())
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Apply the official fix\nFixes the regression introduced in aiohttp v3.13.1 regarding netrc authentication by ensuring that credentials are loaded correctly when the NETRC environment variable is not set.\nWhen NOT to use: This fix is not applicable if the NETRC environment variable is intentionally set for different behavior.\n\n

Why This Fix Works in Production

  • Trigger: `aiohttp` v3.13.1 introduced a breaking change: the default .netrc file in the home directory is no longer used.
  • Mechanism: Fixes the regression introduced in aiohttp v3.13.1 regarding netrc authentication by ensuring that credentials are loaded correctly when the NETRC environment variable is not set.
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • Shows up under Python 3.13 in real deployments (not just unit tests).
  • Production symptom (often without a traceback): `aiohttp` v3.13.1 introduced a breaking change: the default .netrc file in the home directory is no longer used.

Proof / Evidence

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“It must have regressed with https://github.com/aio-libs/aiohttp/pull/11634”
@bdraco · 2025-10-24 · source
“I confirm I hit the issue and I also note that v3.13.0 works as expected.”
@alexamici · 2025-10-24 · source
“If you set the NETRC environmental variable does the problem go away?”
@bdraco · 2025-10-24 · source
“oh I see the issue. We have to take a performance hit to fix this but it is what it is”
@bdraco · 2025-10-24 · source

Failure Signature (Search String)

  • `aiohttp` v3.13.1 introduced a breaking change: the default .netrc file in the home directory is no longer used.
  • ```python-traceback
Copy-friendly signature
signature.txt
Failure Signature ----------------- `aiohttp` v3.13.1 introduced a breaking change: the default .netrc file in the home directory is no longer used. ```python-traceback

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- `aiohttp` v3.13.1 introduced a breaking change: the default .netrc file in the home directory is no longer used. ```python-traceback

Minimal Reproduction

repro.py
import aiohttp import asyncio async def main(): url = "https://httpbin.org/basic-auth/myuser/mypassword" async with aiohttp.ClientSession(trust_env=True) as session: async with session.get(url) as response: response.raise_for_status() asyncio.run(main())

Environment

  • Python: 3.13

Fix Options (Details)

Option A — Apply the official fix

Fixes the regression introduced in aiohttp v3.13.1 regarding netrc authentication by ensuring that credentials are loaded correctly when the NETRC environment variable is not set.

When NOT to use: This fix is not applicable if the NETRC environment variable is intentionally set for different behavior.

Fix reference: https://github.com/aio-libs/aiohttp/pull/11714

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix is not applicable if the NETRC environment variable is intentionally set for different behavior.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
  • Pin production dependencies and upgrade only with a reproducible test that hits the failing path.

Related Issues

No related fixes found.

Cluster: aiohttp:configuration-error All hubs All clusters
Related clusters: Data consistency Race condition Auth

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #11713. Not affiliated with the library maintainers. Verify before production use.