The Fix
pip install fastapi==0.128.4
Based on closed fastapi/fastapi issue #13533 · PR/commit linked
@@ -902,8 +902,9 @@ async def process_fn(
if value is not None:
values[field.alias] = value
+ field_aliases = {field.alias for field in body_fields}
for key, value in received_body.items():
- if key not in values:
repro.py
from fastapi.testclient import TestClient
from main import app
def test_root():
client = TestClient(app)
response = client.post("/", data={}) # corrected
assert response.status_code == 200
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install fastapi==0.128.4\nWhen NOT to use: This fix should not be applied if the application relies on empty strings being treated as valid inputs.\n\n
Why This Fix Works in Production
- Trigger: Multiple regressions in the handling of forms & form validation
- Mechanism: The handling of default values in forms was broken due to changes in the processing logic
- Why the fix works: Fixes the handling of form values with empty strings interpreted as missing values (None) for compatibility with HTML forms, addressing a regression introduced in a previous commit. (first fixed release: 0.128.4).
Production impact:
- If left unfixed, this can cause silent data inconsistencies that propagate (bad cache entries, incorrect downstream decisions).
Why This Breaks in Prod
- The handling of default values in forms was broken due to changes in the processing logic
- Production symptom (often without a traceback): Multiple regressions in the handling of forms & form validation
Proof / Evidence
- GitHub issue: #13533
- Fix PR: https://github.com/fastapi/fastapi/pull/13537
- First fixed release: 0.128.4
- Reproduced locally: No (not executed)
- Last verified: 2026-02-08
- Confidence: 0.75
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.70
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“The issue is with how the request model is being parsed, I have identified the sources of the regressions and have linked them. I am…”
“The handling of forms also caused this regression, which was also found when migrating from version v0.112.4 to v0.115.11. It would be great to get…”
“This should have been solved by https://github.com/fastapi/fastapi/pull/13537 (thanks @MarinPostma!). The fix will be available in FastAPI 0.123.2, released in the next few hours. 🎉”
“@alv2017 take the following example, this is the x-www-form-urlencoded case: running the following command: with fastapi 0.112.4 with fastapi 0.115.12: Conclusion, the same request used…”
Failure Signature (Search String)
- Multiple regressions in the handling of forms & form validation
- This patch solves the x-form-urlencoded case. So we indeed have two different regressions.
Copy-friendly signature
signature.txt
Failure Signature
-----------------
Multiple regressions in the handling of forms & form validation
This patch solves the x-form-urlencoded case. So we indeed have two different regressions.
Error Message
Signature-only (no traceback captured)
error.txt
Error Message
-------------
Multiple regressions in the handling of forms & form validation
This patch solves the x-form-urlencoded case. So we indeed have two different regressions.
Minimal Reproduction
repro.py
from fastapi.testclient import TestClient
from main import app
def test_root():
client = TestClient(app)
response = client.post("/", data={}) # corrected
assert response.status_code == 200
What Broke
Forms with empty string values returned empty strings instead of None, causing incorrect behavior.
Why It Broke
The handling of default values in forms was broken due to changes in the processing logic
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
pip install fastapi==0.128.4
When NOT to use: This fix should not be applied if the application relies on empty strings being treated as valid inputs.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Option D — Guard side-effects with OnceOnly Guardrail for side-effects
Mitigate duplicate external side-effects under retries/timeouts/agent loops by gating the operation before calling external systems.
- Place OnceOnly between your code/agent and real side-effects (Stripe, emails, CRM, APIs).
- Use a stable key per side-effect (e.g., customer_id + action + idempotency_key).
- Fail-safe: configure fail-open vs fail-closed based on blast radius and spend risk.
- This does NOT fix data corruption; it only prevents duplicate side-effects.
Show example snippet (optional)
onceonly.py
from onceonly import OnceOnly
import os
once = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"], fail_open=True)
# Stable idempotency key per real side-effect.
# Use a request id / job id / webhook delivery id / Stripe event id, etc.
event_id = "evt_..." # replace
key = f"stripe:webhook:{event_id}"
res = once.check_lock(key=key, ttl=3600)
if res.duplicate:
return {"status": "already_processed"}
# Safe to execute the side-effect exactly once.
handle_event(event_id)
When NOT to use: Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Fix reference: https://github.com/fastapi/fastapi/pull/13537
First fixed release: 0.128.4
Last verified: 2026-02-08. Validate in your environment.
When NOT to Use This Fix
- This fix should not be applied if the application relies on empty strings being treated as valid inputs.
- Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Verify Fix
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
- Pin production dependencies and upgrade only with a reproducible test that hits the failing path.
Version Compatibility Table
| Version | Status |
|---|---|
| 0.128.4 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.