The Fix
Upgrade to version 0.11.4 or later.
Based on closed Kludex/uvicorn issue #267 · PR/commit linked
@@ -8,7 +8,7 @@ python:
install:
- - pip install -r requirements.txt
+ - pip install -U -r requirements.txt
repro.py
curl http://127.0.0.1:8000 -v
* Rebuilt URL to: http://127.0.0.1:8000/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
GET / HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: curl/7.47.0
Accept: */*
< HTTP/1.1 200 OK
< server: uvicorn
< date: Thu, 17 Jan 2019 15:11:08 GMT
< content-type: text/plain
< transfer-encoding: chunked
<
* Leftovers after chunking: 5 bytes
* Connection #0 to host 127.0.0.1 left intact
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\nUpgrade to version 0.11.4 or later.\nWhen NOT to use: This fix should not be applied if the application relies on the current chunked encoding behavior.\n\n
Why This Fix Works in Production
- Trigger: assert scope['type'] == 'http'
- Mechanism: The chunked encoding logic incorrectly sends an extra chunk when the response body is empty
- Why the fix works: Addresses the issue of sending an extra chunk when the body is empty by modifying the chunked encoding logic. (first fixed release: 0.11.4).
Production impact:
- If left unfixed, this can cause silent data inconsistencies that propagate (bad cache entries, incorrect downstream decisions).
Why This Breaks in Prod
- The chunked encoding logic incorrectly sends an extra chunk when the response body is empty
- Production symptom (often without a traceback): assert scope['type'] == 'http'
Proof / Evidence
- GitHub issue: #267
- Fix PR: https://github.com/kludex/uvicorn/pull/271
- First fixed release: 0.11.4
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.66
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Great work, thanks! I've had to issue my own pull requests to tweak a couple of other bits along the way. Release incoming shortly.”
Failure Signature (Search String)
- assert scope['type'] == 'http'
- 'body': b'', # <- This is the only change from the example
Copy-friendly signature
signature.txt
Failure Signature
-----------------
assert scope['type'] == 'http'
'body': b'', # <- This is the only change from the example
Error Message
Signature-only (no traceback captured)
error.txt
Error Message
-------------
assert scope['type'] == 'http'
'body': b'', # <- This is the only change from the example
Minimal Reproduction
repro.py
curl http://127.0.0.1:8000 -v
* Rebuilt URL to: http://127.0.0.1:8000/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
GET / HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: curl/7.47.0
Accept: */*
< HTTP/1.1 200 OK
< server: uvicorn
< date: Thu, 17 Jan 2019 15:11:08 GMT
< content-type: text/plain
< transfer-encoding: chunked
<
* Leftovers after chunking: 5 bytes
* Connection #0 to host 127.0.0.1 left intact
What Broke
Clients experience unexpected behavior due to the presence of an extra chunk in the response.
Why It Broke
The chunked encoding logic incorrectly sends an extra chunk when the response body is empty
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
Upgrade to version 0.11.4 or later.
When NOT to use: This fix should not be applied if the application relies on the current chunked encoding behavior.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Option D — Guard side-effects with OnceOnly Guardrail for side-effects
Mitigate duplicate external side-effects under retries/timeouts/agent loops by gating the operation before calling external systems.
- Place OnceOnly between your code/agent and real side-effects (Stripe, emails, CRM, APIs).
- Use a stable key per side-effect (e.g., customer_id + action + idempotency_key).
- Fail-safe: configure fail-open vs fail-closed based on blast radius and spend risk.
- This does NOT fix data corruption; it only prevents duplicate side-effects.
Show example snippet (optional)
onceonly.py
from onceonly import OnceOnly
import os
once = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"], fail_open=True)
# Stable idempotency key per real side-effect.
# Use a request id / job id / webhook delivery id / Stripe event id, etc.
event_id = "evt_..." # replace
key = f"stripe:webhook:{event_id}"
res = once.check_lock(key=key, ttl=3600)
if res.duplicate:
return {"status": "already_processed"}
# Safe to execute the side-effect exactly once.
handle_event(event_id)
When NOT to use: Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Fix reference: https://github.com/kludex/uvicorn/pull/271
First fixed release: 0.11.4
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix should not be applied if the application relies on the current chunked encoding behavior.
- Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.
Verify Fix
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
- Pin production dependencies and upgrade only with a reproducible test that hits the failing path.
Version Compatibility Table
| Version | Status |
|---|---|
| 0.11.4 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.