The Fix
Upgrade to version 0.17.0 or later.
Based on closed encode/httpx issue #1405 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -120,9 +120,9 @@ def trust_env(self) -> bool:
def _enforce_trailing_slash(self, url: URL) -> URL:
- if url.path.endswith("/"):
+ if url.raw_path.endswith(b"/"):
return url
# Deps: pip install uvicorn
# Run: uvicorn app:app
async def app(scope, receive, send):
assert scope["type"] == "http"
body = b'{"raw_path": "%s"}' % scope["raw_path"]
await send(
{
"type": "http.response.start",
"status": 200,
"headers": [[b"content-type", b"text/plain"]],
}
)
await send({"type": "http.response.body", "body": body})
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Option A — Upgrade to fixed release\nUpgrade to version 0.17.0 or later.\nWhen NOT to use: This fix is not applicable if the application relies on URL-decoding behavior for slashes.\n\n
Why This Fix Works in Production
- Trigger: Cannot request resources with paths that include a mix of path separator slashes and URL-encoded slashes
- Mechanism: The base_url in httpx improperly decodes URL-encoded slashes, leading to incorrect path requests
- Why the fix works: Fixes the issue of URL-encoded slashes being corrupted when using base_url in httpx. (first fixed release: 0.17.0).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- Shows up under Python 3.8 in real deployments (not just unit tests).
- The base_url in httpx improperly decodes URL-encoded slashes, leading to incorrect path requests
- Production symptom (often without a traceback): Cannot request resources with paths that include a mix of path separator slashes and URL-encoded slashes
Proof / Evidence
- GitHub issue: #1405
- Fix PR: https://github.com/encode/httpx/pull/1407
- First fixed release: 0.17.0
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.59
Verified Execution
We executed the runnable minimal repro in a temporary environment and captured exit codes + logs.
- Status: PASS
- Ran: 2026-02-11T16:52:29Z
- Package: httpx
- Fixed: 0.17.0
- Mode: fixed_only
- Outcome: ok
Logs
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Right, in this snippet you are using base_url. That was definitely decoding the URL unnecessarily and has been fixed in https://github.com/encode/httpx/pull/1407”
“Thanks all, useful pointers. Here's a sample reproduction case: "Echo path" server: Test script: Output:”
“My interpretation of https://tools.ietf.org/html/rfc3986, Section 2.1, is that "%2F" is a valid way of including a non-delimiting slash in a URL.”
“@jbaayen The issue you mention wouldn't occur in that snippet, but does occur if the client is using a base_url”
Failure Signature (Search String)
- Cannot request resources with paths that include a mix of path separator slashes and URL-encoded slashes
- With httpx 0.15.0 and newer, we are getting some unexpected behaviour with URLs that include url-encoded slashes.
Copy-friendly signature
Failure Signature
-----------------
Cannot request resources with paths that include a mix of path separator slashes and URL-encoded slashes
With httpx 0.15.0 and newer, we are getting some unexpected behaviour with URLs that include url-encoded slashes.
Error Message
Signature-only (no traceback captured)
Error Message
-------------
Cannot request resources with paths that include a mix of path separator slashes and URL-encoded slashes
With httpx 0.15.0 and newer, we are getting some unexpected behaviour with URLs that include url-encoded slashes.
Minimal Reproduction
# Deps: pip install uvicorn
# Run: uvicorn app:app
async def app(scope, receive, send):
assert scope["type"] == "http"
body = b'{"raw_path": "%s"}' % scope["raw_path"]
await send(
{
"type": "http.response.start",
"status": 200,
"headers": [[b"content-type", b"text/plain"]],
}
)
await send({"type": "http.response.body", "body": body})
Environment
- Python: 3.8
- httpx: 0.15.0
What Broke
Requests to URLs with encoded slashes return incorrect paths, causing resource access failures.
Why It Broke
The base_url in httpx improperly decodes URL-encoded slashes, leading to incorrect path requests
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
Upgrade to version 0.17.0 or later.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/encode/httpx/pull/1407
First fixed release: 0.17.0
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix is not applicable if the application relies on URL-decoding behavior for slashes.
Verify Fix
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
Version Compatibility Table
| Version | Status |
|---|---|
| 0.17.0 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.