Jump to solution
Verify

httpx Can't handle URLs with @ character in userinfo section (Fix)

Fixed
Spec
Package
httpx
Fixed In
0.14.2
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-09
Own content ratio
0.55
#328 ai auth Updated: 2026-02-13
Issue #328

The Fix

Upgrade to version 0.14.2 or later.

Based on closed encode/httpx issue #328 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Jump to Verify Open PR/Commit
@@ -7,7 +7,7 @@ from collections.abc import MutableMapping from http.cookiejar import Cookie, CookieJar -from urllib.parse import parse_qsl, urlencode +from urllib.parse import parse_qsl, quote, unquote, urlencode
repro.py
>> import httpx >> httpx.URL("https://[email protected]:[email protected]") Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/home/sethmlarson/Desktop/http3/httpx/models.py", line 112, in __init__ raise InvalidURL("No host included in URL.") httpx.exceptions.InvalidURL: No host included in URL.
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\nUpgrade to version 0.14.2 or later.\nWhen NOT to use: This fix should not be applied if the URL parsing behavior needs to remain unchanged.\n\n

Why This Fix Works in Production

  • Trigger: >> import httpx
  • Mechanism: The URL parser fails to handle special characters like '@' in the userinfo section
  • Why the fix works: Handles URL quoting for username and password components, allowing for proper parsing of URLs with special characters like '@'. (first fixed release: 0.14.2).
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • The URL parser fails to handle special characters like '@' in the userinfo section
  • Surfaces as: >> import httpx

Proof / Evidence

  • GitHub issue: #328
  • Fix PR: https://github.com/encode/httpx/pull/1159
  • First fixed release: 0.14.2
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.55

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“Hi @sethmlarson I've pushed a PR about this topic. Could your review it?”
@cansarigol · 2019-09-09 · source
“So, something I think we may want to re-review prior to 1.0 is which internal URL parsing implementation is really our best option”
@lovelydinosaur · 2020-07-27 · confirmation · source

Failure Signature (Search String)

  • >> import httpx

Error Message

Stack trace
error.txt
Error Message ------------- >> import httpx >> httpx.URL("https://[email protected]:[email protected]") Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/home/sethmlarson/Desktop/http3/httpx/models.py", line 112, in __init__ raise InvalidURL("No host included in URL.") httpx.exceptions.InvalidURL: No host included in URL.

Minimal Reproduction

repro.py
>> import httpx >> httpx.URL("https://[email protected]:[email protected]") Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/home/sethmlarson/Desktop/http3/httpx/models.py", line 112, in __init__ raise InvalidURL("No host included in URL.") httpx.exceptions.InvalidURL: No host included in URL.

What Broke

Users encounter an InvalidURL exception when using email addresses as usernames.

Why It Broke

The URL parser fails to handle special characters like '@' in the userinfo section

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

Upgrade to version 0.14.2 or later.

When NOT to use: This fix should not be applied if the URL parsing behavior needs to remain unchanged.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/encode/httpx/pull/1159

First fixed release: 0.14.2

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix should not be applied if the URL parsing behavior needs to remain unchanged.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.

Version Compatibility Table

VersionStatus
0.14.2 Fixed

Related Issues

No related fixes found.

Cluster: httpx:configuration-error All hubs All clusters
Related clusters: Data consistency Other Timeout

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #328. Not affiliated with the library maintainers. Verify before production use.