fix(llm-client): sanitize non-ASCII dynamic request headers (PC-4776)#97
Open
cotovanu-cristian wants to merge 1 commit into
Open
fix(llm-client): sanitize non-ASCII dynamic request headers (PC-4776)#97cotovanu-cristian wants to merge 1 commit into
cotovanu-cristian wants to merge 1 commit into
Conversation
The LLM httpx wrapper crashed with UnicodeEncodeError while injecting dynamic request headers with non-ASCII values into the outbound request. `send()` did `request.headers.update(dynamic_headers)`; httpx then re-encodes str values as ASCII in `_normalize_header_value` and raises, faulting the job before any request leaves the process. Pre-encode dynamic header values before injection: latin-1 bytes (the HTTP/1.1 wire encoding, passed through by httpx verbatim) when representable, else ASCII percent-encoding for values outside latin-1 (e.g. CJK/emoji). Also set the request Headers encoding to latin-1 so httpx's own read-back/cookie-extraction path stays consistent and does not crash on the bytes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cotovanu-cristian
requested review from
DragosBobolea,
cosminacho,
cristipufu,
dragosvelcea,
ionmincu,
ionut-mihalache-uipath and
radu-mocanu
as code owners
cotovanu-cristian
temporarily deployed
to
LLMGW_SETTINGS
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes PC-4776. The LLM httpx wrapper crashed with
UnicodeEncodeError: 'ascii' codec can't encode characters ...while injecting dynamic request headers with non-ASCII values into an outbound request — before any request left the process.In
UiPathHttpxClient.send()/UiPathHttpxAsyncClient.send(), dynamic headers were injected viarequest.headers.update(dynamic_headers). httpx re-encodesstrheader values as ASCII in_normalize_header_valueand raises on any non-ASCII character, so the job faulted (miscategorized asUnknown) on its first LLM call. From SRE-610701, job77c6f180-9ac0-4c72-a997-05d61ce73963(12 failures).Fix
Sanitize dynamic header values before injection (new
encode_header_value/encode_header_itemsinutils/headers.py):Also set
request.headers.encoding = "latin-1"at the injection site so httpx's own read-back / cookie-extraction path (dict(request.headers)) stays consistent and does not re-raise on the bytes downstream.Why this encoding
latin-1 is the standard wire encoding for HTTP/1.1 header octets and is what httpx itself emits when given raw bytes — so latin-1-representable values (the SRE-610701 case is an embedded accented name/title) are transmitted exactly as intended with no transformation. Percent-encoding is reserved for the rare non-latin-1 value, where there is no lossless single-octet representation; it is universally ASCII-safe.
Tests
Extended
tests/core/features/test_httpx_client.py:test_non_ascii_dynamic_header_does_not_crash_send(sync) — latin-1 value reaches the wire as latin-1 bytes (was the failing reproduction).test_non_latin1_dynamic_header_is_percent_encoded— CJK value falls back to ASCII percent-encoding.TestUiPathHttpxAsyncClientSend::test_non_ascii_dynamic_header_does_not_crash_send(async).All three failed with the exact
UnicodeEncodeErrorbefore the fix and pass after.Validation (in worktree)
ruff check— cleanruff format --check— cleanpyright(this repo uses pyright, not mypy) — 0 errorspytest tests/core/features/test_httpx_client.py— 27 passedpytest -k header— 93 passedMockTransport(exercising the cookie read-back path that also crashed): both latin-1 and CJK values reach the wire with status 200.Note for reviewer
Confirm scope vs PC-4341, which is a different non-ASCII path (tool names, not headers). This PR only touches the httpx client's dynamic-header injection and its test.
🤖 Generated with Claude Code