Jump to solution
Verify

httpx Path encoding broken for non-ASCII in WSGI mode (Fix)

Fixed
Spec
Package
httpx
Fixed In
0.17.0
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-09
Own content ratio
0.66
#1365 ai tls Updated: 2026-02-13
Issue #1365

The Fix

Upgrade to version 0.17.0 or later.

Based on closed encode/httpx issue #1365 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Jump to Verify Open PR/Commit
@@ -1,6 +1,7 @@ import itertools import typing +from urllib.parse import unquote import httpcore
repro.py
from flask import Flask, request import httpx app = Flask(__name__) @app.route('/<path>') def hello_world(path): return f"path: { path }, query: { request.args['a'] }, url: { request.url }" if __name__ == "__main__": with httpx.Client(app=app, base_url="http://testserver") as client: resp = client.get("/ä", params={"a": "ä"}) print("httpx", resp.text) with app.test_client() as client: resp = client.get("/ä?a=%C3%A4") print("flask", resp.get_data().decode("utf-8"))
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\nUpgrade to version 0.17.0 or later.\nWhen NOT to use: This fix is not applicable if the application does not rely on WSGI for path handling.\n\n

Why This Fix Works in Production

  • Trigger: Path encoding broken for non-ASCII in WSGI mode
  • Mechanism: The WSGI 'PATH_INFO' component was not being unquoted, causing encoding issues for non-ASCII paths
  • Why the fix works: The WSGI 'PATH_INFO' component should be unquoted, fixing the encoding issue for non-ASCII paths. (first fixed release: 0.17.0).
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • The WSGI 'PATH_INFO' component was not being unquoted, causing encoding issues for non-ASCII paths
  • Production symptom (often without a traceback): Path encoding broken for non-ASCII in WSGI mode

Proof / Evidence

  • GitHub issue: #1365
  • Fix PR: https://github.com/encode/httpx/pull/1391
  • First fixed release: 0.17.0
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.66

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“So the implication of https://www.python.org/dev/peps/pep-3333/#url-reconstruction is that PATH_INFO should be unquoted”
@lovelydinosaur · 2020-11-12 · source
“This does look like a bug in httpx”
@JayH5 · 2020-10-21 · source

Failure Signature (Search String)

  • Path encoding broken for non-ASCII in WSGI mode
Copy-friendly signature
signature.txt
Failure Signature ----------------- Path encoding broken for non-ASCII in WSGI mode

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- Path encoding broken for non-ASCII in WSGI mode

Minimal Reproduction

repro.py
from flask import Flask, request import httpx app = Flask(__name__) @app.route('/<path>') def hello_world(path): return f"path: { path }, query: { request.args['a'] }, url: { request.url }" if __name__ == "__main__": with httpx.Client(app=app, base_url="http://testserver") as client: resp = client.get("/ä", params={"a": "ä"}) print("httpx", resp.text) with app.test_client() as client: resp = client.get("/ä?a=%C3%A4") print("flask", resp.get_data().decode("utf-8"))

What Broke

Non-ASCII paths were incorrectly encoded, leading to unexpected behavior in WSGI applications.

Why It Broke

The WSGI 'PATH_INFO' component was not being unquoted, causing encoding issues for non-ASCII paths

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

Upgrade to version 0.17.0 or later.

When NOT to use: This fix is not applicable if the application does not rely on WSGI for path handling.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/encode/httpx/pull/1391

First fixed release: 0.17.0

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix is not applicable if the application does not rely on WSGI for path handling.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.
  • Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
  • Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.

Version Compatibility Table

VersionStatus
0.17.0 Fixed

Related Issues

No related fixes found.

Cluster: httpx:configuration-error All hubs All clusters
Related clusters: Data consistency Other Timeout

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #1365. Not affiliated with the library maintainers. Verify before production use.