fix(client): sanitize NO_PROXY whitespace before httpx init (fixes #3303)

[LeSingh1]

Fixes #3303.

Bug

OpenAI() and AsyncOpenAI() raise httpx.InvalidURL at construction time when the NO_PROXY environment variable contains whitespace (newlines, tabs, or runs of spaces). This is common when NO_PROXY is set from a Docker compose file with multi-line YAML, a .env file where the value wraps, or a shell script using line continuations.

import os
os.environ['NO_PROXY'] = 'localhost\nexample.com'

from openai import OpenAI
client = OpenAI(api_key='sk-test')
# httpx.InvalidURL: Invalid non-printable ASCII character in URL, '\n' at position 16.

Root cause is in httpx._utils.get_environment_proxies: it splits NO_PROXY on commas only, so whitespace inside an entry survives into the hostname and httpx rejects it during proxy-mounts setup, before any request is made. The reporter notes the fix would be trivial in httpx but the encode/httpx project is not currently accepting external PRs, so the practical workaround is for the SDK to normalize the value just for the duration of the internal httpx client's __init__.

Fix

Introduce a _sanitized_proxy_env() context manager in _base_client.py that, while active, replaces any whitespace inside NO_PROXY / no_proxy with commas (then collapses adjacent commas). Wrap super().__init__(**kwargs) in each of the three internal httpx wrappers (_DefaultHttpxClient, _DefaultAsyncHttpxClient, _DefaultAioHttpClient). The original env var value is restored on exit so user code observes the env var it set.

with _sanitized_proxy_env():
    super().__init__(**kwargs)

If NO_PROXY contains no whitespace, the context manager is a no-op.

Verification

Added two regression tests in tests/test_client.py:

• TestOpenAI.test_no_proxy_with_whitespace_does_not_raise
• TestAsyncOpenAI.test_no_proxy_with_whitespace_does_not_raise

Each sets NO_PROXY="localhost\nexample.com\t192.168.1.1", constructs the default client, asserts no exception, and asserts the original env var is restored.

Local A/B:

without fix: FAILED ... httpx.InvalidURL: Invalid non-printable ASCII character in URL, '\n' at position 16
with fix:    PASSED 6 passed (new + the existing test_proxy_environment_variables and test_default_client_creation, sync + async)

Scope

40-line change to _base_client.py (one helper + three two-line with: wraps + three import additions) plus 26 lines of test coverage. No behavior change for users who do not set NO_PROXY or who set it with valid comma-separated values.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6092238595

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Guard env restoration against concurrent client initialization

The new _sanitized_proxy_env() mutates process-wide NO_PROXY/no_proxy without synchronization, so overlapping client constructions can leave the environment permanently altered. If thread A sanitizes NO_PROXY, thread B enters during that window and snapshots the already-sanitized value, then A restores the original and B later restores its stale snapshot, resulting in NO_PROXY being left sanitized instead of the caller’s original value. Because this variable is global, that leaked value can change proxy behavior for subsequent HTTP clients and subprocesses in multithreaded applications.

Useful? React with 👍 / 👎.