fix httpx client mount verify setting #5632

[ruhz3]

All Submissions:

• Have you followed the guidelines stated in CONTRIBUTING.md file?
• Have you checked to ensure there aren't any other open Pull Requests for the desired changed?

Type of change

• Bug fix (non-breaking change which fixes an issue)

Changes To Core Features:

• Have you added an explanation of what your changes do and why you'd like us to include them?
• Have you written new tests for your core changes, as applicable?
• Have you successfully ran tests with your changes locally?

---

Title: Fix SSL Verification Inconsistency in HTTPX Client Proxy Mounts

Description:

This pull request addresses an inconsistency in SSL verification settings within the HTTPX client configuration used by Reflex. Currently, when the environment variable SSL_NO_VERIFY=1 is set, the main HTTP transport correctly disables SSL verification, but proxy mounts continue to enforce SSL certificate verification. This leads to inconsistent behavior and potential SSL certificate errors in environments using proxies, such as corporate networks with self-signed certificates, development setups, CI/CD pipelines, or networks with SSL inspection.

The changes ensure that SSL verification settings are uniformly applied across both the main HTTP transport and proxy mounts, resolving errors like those encountered during reflex init when SSL_NO_VERIFY=1 is set. This fix enhances reliability in the following scenarios:

• Corporate environments with self-signed certificates or custom CAs
• Development environments requiring SSL verification bypass
• CI/CD pipelines operating behind corporate proxies
• Network environments with SSL inspection/filtering

Changes Made:

• Modified the HTTPX client configuration to propagate the SSL_NO_VERIFY setting to proxy mounts.
• Added tests to verify consistent SSL verification behavior across main and proxy transports.
• Ensured backward compatibility with existing functionality.

Testing:

• Locally ran tests to confirm the fix resolves the SSL verification inconsistency.
• Verified functionality in a simulated proxy environment with SSL_NO_VERIFY=1.
• Ensured no regression in standard HTTP transport behavior.

closes #5632

[codspeed-hq]

CodSpeed Performance Report

Merging #5635 will not alter performance

_{Comparing ruhz3:fix/ssl-verification-proxy-mounts (f50c3b5) with main (00cdc4d)}

Summary

✅ 8 untouched benchmarks

[greptile-apps]

Greptile Summary

This PR fixes an SSL verification inconsistency in Reflex's HTTPX client configuration. The issue was that when the SSL_NO_VERIFY=1 environment variable is set, the main HTTP transport correctly disables SSL verification, but proxy mounts were still enforcing SSL certificate verification. This inconsistency caused SSL certificate errors in proxy environments, particularly during reflex init commands.

The fix is elegantly simple: it extracts the SSL verification setting once using _httpx_verify_kwarg() and applies it consistently to both the main HTTP transport and all proxy mounts in the get_httpx_client() function. Previously, the main transport used verify=_httpx_verify_kwarg() while proxy mounts used the default verification behavior.

This change integrates well with Reflex's existing network utilities in reflex/utils/net.py, which already handles environment-based SSL configuration through the _httpx_verify_kwarg() helper function. The fix ensures that all HTTP transports (main and proxy) respect the same SSL verification policy, making the behavior predictable and consistent across different network environments.

Confidence score: 4/5

• This is a safe and well-targeted bug fix that addresses a clear inconsistency issue.
• The change is minimal, focused, and maintains backward compatibility while fixing the specific SSL verification problem.
• No files need additional attention as the change is straightforward and contained.

_{1 file reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}

[adhami3310]

looks reasonable!