Jump to solution
Verify

httpx Erroneous Infinite Redirect Loop detected (Fix)

Fixed
Spec
Package
httpx
Fixed In
0.7.2
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-09
Own content ratio
0.71
#198 tls Idempotency Violation Updated: 2026-02-13
Exec PASS Issue #198

The Fix

Upgrade to version 0.7.2 or later.

Based on closed encode/httpx issue #198 · PR/commit linked

Jump to Verify Open PR/Commit
@@ -32,10 +32,10 @@ from .interfaces import ( AsyncDispatcher, - BaseReader, - BaseWriter, BaseBackgroundManager,
repro.py
from httpx import Client client = Client() r = client.request("GET", "https://www.howsmyssl.com/a/check") # Completes successfully r = client.request("GET", "https://howsmyssl.com/a/check") # Sends a redirect to 'www.howsmyssl.com' but then errors?
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\nUpgrade to version 0.7.2 or later.\nWhen NOT to use: Do not apply this fix if the application relies on the 'Host' header for redirect handling.\n\n

Why This Fix Works in Production

  • Trigger: Our redirect loop detection or redirects in general is broken somehow because this shouldn't error out:
  • Mechanism: The 'Host' header was not removed on redirects when the URL origin changed, causing infinite loops
  • Why the fix works: Removes the 'Host' header on redirects if the URL origin has changed, addressing the infinite redirect loop issue. (first fixed release: 0.7.2).

Why This Breaks in Prod

  • The 'Host' header was not removed on redirects when the URL origin changed, causing infinite loops
  • Production symptom (often without a traceback): Our redirect loop detection or redirects in general is broken somehow because this shouldn't error out:

Proof / Evidence

  • GitHub issue: #198
  • Fix PR: https://github.com/encode/httpx/pull/199
  • First fixed release: 0.7.2
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.71

Verified Execution

We executed the runnable minimal repro in a temporary environment and captured exit codes + logs.

  • Status: PASS
  • Ran: 2026-02-11T16:52:29Z
  • Package: httpx
  • Fixed: 0.7.2
  • Mode: fixed_only
  • Outcome: ok
Logs
affected (exit=None)
fixed (exit=0)

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“Our redirect loop detection or redirects in general is broken somehow because this shouldn't error out:”
Issue thread · issue description · source

Failure Signature (Search String)

  • Our redirect loop detection or redirects in general is broken somehow because this shouldn't error out:
  • r = client.request("GET", "https://www.howsmyssl.com/a/check") # Completes successfully
Copy-friendly signature
signature.txt
Failure Signature ----------------- Our redirect loop detection or redirects in general is broken somehow because this shouldn't error out: r = client.request("GET", "https://www.howsmyssl.com/a/check") # Completes successfully

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- Our redirect loop detection or redirects in general is broken somehow because this shouldn't error out: r = client.request("GET", "https://www.howsmyssl.com/a/check") # Completes successfully

Minimal Reproduction

repro.py
from httpx import Client client = Client() r = client.request("GET", "https://www.howsmyssl.com/a/check") # Completes successfully r = client.request("GET", "https://howsmyssl.com/a/check") # Sends a redirect to 'www.howsmyssl.com' but then errors?

What Broke

Clients experienced infinite redirect loops leading to request failures.

Why It Broke

The 'Host' header was not removed on redirects when the URL origin changed, causing infinite loops

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

Upgrade to version 0.7.2 or later.

When NOT to use: Do not apply this fix if the application relies on the 'Host' header for redirect handling.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/encode/httpx/pull/199

First fixed release: 0.7.2

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • Do not apply this fix if the application relies on the 'Host' header for redirect handling.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.
  • Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
  • Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.

Version Compatibility Table

VersionStatus
0.7.2 Fixed

Related Issues

No related fixes found.

Cluster: httpx:ssl-handshake All hubs All clusters
Related clusters: Configuration error Data consistency Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #198. Not affiliated with the library maintainers. Verify before production use.