httpx TimeoutConfig improvements. (Fix)

The Fix

Upgrade to version 0.13.0 or later.

Based on closed encode/httpx issue #578 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Open PR/Commit

@@ -250,83 +250,78 @@ async with httpx.Client(proxies=proxy) as client:
     information at `Client` initialization.
 
-## Timeout fine-tuning
+## Timeout Configuration

fix.md

Option A — Upgrade to fixed release\nUpgrade to version 0.13.0 or later.\nWhen NOT to use: Do not use this fix if you require strict backward compatibility with previous timeout configurations.\n\n

Why This Fix Works in Production

Trigger: TimeoutConfig improvements.
Mechanism: TimeoutConfig was incorrectly implemented, leading to confusion in timeout settings
Why the fix works: Allows a default timeout configuration style in HTTPX, enabling users to set a default timeout while overriding specific timeout values. (first fixed release: 0.13.0).

Production impact:

If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

TimeoutConfig was incorrectly implemented, leading to confusion in timeout settings
Production symptom (often without a traceback): TimeoutConfig improvements.

Proof / Evidence

GitHub issue: #578
Fix PR: https://github.com/encode/httpx/pull/593
First fixed release: 0.13.0
Reproduced locally: No (not executed)
Last verified: 2026-02-09
Confidence: 0.85
Did this fix it?: Yes (upstream fix exists)
Own content ratio: 0.78

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub

“1. TimeoutConfig(5.0) should really just be Timeout(5.0). We don't want to break the API prior to 1.0 so I guess let's switch it to Timeout but have a TimeoutConfig = Timeout synonym. 2. Right now we either support Timeout(5.0) or Timeout(r”

Issue thread · issue description · source

Failure Signature (Search String)

TimeoutConfig improvements.
1. `TimeoutConfig(5.0)` should really just be `Timeout(5.0)`. We don't want to break the API prior to 1.0 so I guess let's switch it to `Timeout` but have a `TimeoutConfig =

Copy-friendly signature

signature.txt

Failure Signature
-----------------
TimeoutConfig improvements.
1. `TimeoutConfig(5.0)` should really just be `Timeout(5.0)`. We don't want to break the API prior to 1.0 so I guess let's switch it to `Timeout` but have a `TimeoutConfig = Timeout` synonym.

Error Message

Signature-only (no traceback captured)

error.txt

Error Message
-------------
TimeoutConfig improvements.
1. `TimeoutConfig(5.0)` should really just be `Timeout(5.0)`. We don't want to break the API prior to 1.0 so I guess let's switch it to `Timeout` but have a `TimeoutConfig = Timeout` synonym.

What Broke

Users experienced unexpected timeout behavior when configuring HTTPX clients.

Why It Broke

TimeoutConfig was incorrectly implemented, leading to confusion in timeout settings

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

Upgrade to version 0.13.0 or later.

When NOT to use: Do not use this fix if you require strict backward compatibility with previous timeout configurations.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Option D — Guard side-effects with OnceOnly Guardrail for side-effects

Mitigate duplicate external side-effects under retries/timeouts/agent loops by gating the operation before calling external systems.

Place OnceOnly between your code/agent and real side-effects (Stripe, emails, CRM, APIs).
Use a stable key per side-effect (e.g., customer_id + action + idempotency_key).
Fail-safe: configure fail-open vs fail-closed based on blast radius and spend risk.

Show example snippet (optional)

onceonly.py

from onceonly import OnceOnly
import os

once = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"], fail_open=True)

# Stable idempotency key per real side-effect.
# Use a request id / job id / webhook delivery id / Stripe event id, etc.
event_id = "evt_..."  # replace
key = f"stripe:webhook:{event_id}"

res = once.check_lock(key=key, ttl=3600)
if res.duplicate:
    return {"status": "already_processed"}

# Safe to execute the side-effect exactly once.
handle_event(event_id)

See OnceOnly SDK

When NOT to use: Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.

Fix reference: https://github.com/encode/httpx/pull/593

First fixed release: 0.13.0

Last verified: 2026-02-09. Validate in your environment.

When NOT to Use This Fix

Do not use this fix if you require strict backward compatibility with previous timeout configurations.
Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
Upgrade behind a canary and run integration tests against the canary before 100% rollout.
Make timeouts explicit and test them (unit + integration) to avoid silent behavior changes.
Instrument retries (attempt count + reason) and alert on spikes to catch dependency slowdowns.

Version Compatibility Table

Version	Status
0.13.0	Fixed

Related Issues

No related fixes found.

Cluster: httpx:configuration-error All hubs All clusters

Related clusters: Data consistency Other Timeout

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.