The Fix
Upgrade to version 0.7.3 or later.
Based on closed encode/httpx issue #309 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -88,7 +88,7 @@ def build_redirect_request(
method = self.redirect_method(request, response)
url = self.redirect_url(request, response)
- headers = self.redirect_headers(request, url) # TODO: merge headers?
+ headers = self.redirect_headers(request, url, method) # TODO: merge headers?
content = self.redirect_content(request, method)
repro.py
from starlette.responses import RedirectResponse
from starlette.applications import Starlette
import uvicorn
app = Starlette(debug=True)
@app.route('/debug', methods=['POST', 'GET'])
async def debug(request):
return RedirectResponse(url='https://httpbin.org/headers', status_code=302)
if __name__ == '__main__':
uvicorn.run(app)
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\nUpgrade to version 0.7.3 or later.\nWhen NOT to use: Do not apply this fix if the application requires preserving request body on redirects.\n\n
Why This Fix Works in Production
- Trigger: h11._util.LocalProtocolError: Too little data for declared Content-Length
- Mechanism: Content-Length headers were not dropped on GET redirects, causing protocol errors
- Why the fix works: Drops Content-Length headers on GET redirects to prevent errors related to incorrect content length during redirection. (first fixed release: 0.7.3).
Production impact:
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- Shows up under Python 3.7 in real deployments (not just unit tests).
- Content-Length headers were not dropped on GET redirects, causing protocol errors
- Surfaces as: h11._util.LocalProtocolError: Too little data for declared Content-Length
Proof / Evidence
- GitHub issue: #309
- Fix PR: https://github.com/encode/httpx/pull/310
- First fixed release: 0.7.3
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.65
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“I am still getting this on the server works fine on the local though.”
“@florimondmanca Reasons why I shouldn't espond to issues at midnight haha :) thanks for setting this on the right track!”
“Thanks for the POC! Looks like the debug logging is coming in handy already :) It looks like we're not persisting the data parameter on…”
“@sethmlarson Should we? This is a case of 302 redirect from POST, and I believe in that case we redirect with GET (see here) and…”
Failure Signature (Search String)
- h11._util.LocalProtocolError: Too little data for declared Content-Length
Error Message
Stack trace
error.txt
Error Message
-------------
h11._util.LocalProtocolError: Too little data for declared Content-Length
Minimal Reproduction
repro.py
from starlette.responses import RedirectResponse
from starlette.applications import Starlette
import uvicorn
app = Starlette(debug=True)
@app.route('/debug', methods=['POST', 'GET'])
async def debug(request):
return RedirectResponse(url='https://httpbin.org/headers', status_code=302)
if __name__ == '__main__':
uvicorn.run(app)
Environment
- Python: 3.7
What Broke
Clients experienced errors due to incorrect Content-Length during redirects.
Why It Broke
Content-Length headers were not dropped on GET redirects, causing protocol errors
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
Upgrade to version 0.7.3 or later.
When NOT to use: Do not apply this fix if the application requires preserving request body on redirects.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Option D — Guard side-effects with OnceOnly Guardrail for side-effects
Mitigate duplicate external side-effects under retries/timeouts/agent loops by gating the operation before calling external systems.
- Place OnceOnly between your code/agent and real side-effects (Stripe, emails, CRM, APIs).
- Use a stable key per side-effect (e.g., customer_id + action + idempotency_key).
- Fail-safe: configure fail-open vs fail-closed based on blast radius and spend risk.
Show example snippet (optional)
onceonly.py
from onceonly import OnceOnly
import os
once = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"], fail_open=True)
# Stable idempotency key per real side-effect.
# Use a request id / job id / webhook delivery id / Stripe event id, etc.
event_id = "evt_..." # replace
key = f"stripe:webhook:{event_id}"
res = once.check_lock(key=key, ttl=3600)
if res.duplicate:
return {"status": "already_processed"}
# Safe to execute the side-effect exactly once.
handle_event(event_id)
When NOT to use: Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Fix reference: https://github.com/encode/httpx/pull/310
First fixed release: 0.7.3
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- Do not apply this fix if the application requires preserving request body on redirects.
- Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Verify Fix
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
- Make timeouts explicit and test them (unit + integration) to avoid silent behavior changes.
- Instrument retries (attempt count + reason) and alert on spikes to catch dependency slowdowns.
Version Compatibility Table
| Version | Status |
|---|---|
| 0.7.3 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.