[Distutils] Notice: PyPI APIs now return 403 when accessed via HTTP
donald at stufft.io
Wed Jun 15 19:10:49 EDT 2016
In part of an ongoing effort to improve the security of PyPI, instead of redirecting (or silently allowing) requests made over HTTP to PyPI APIs, these APIs will now return a 403 and require people to make the initial request over HTTPS.
This does not affect the UI portions of the site that are designed to be used by humans, for these we will still redirect (which will cause the browser to see the HSTS header and force the user to use HTTPS from then on out).
More information about the Distutils-SIG