[Distutils] Notice: PyPI APIs now return 403 when accessed via HTTP

Donald Stufft donald at stufft.io
Wed Jun 15 19:10:49 EDT 2016

In part of an ongoing effort to improve the security of PyPI, instead of redirecting (or silently allowing) requests made over HTTP to PyPI APIs, these APIs will now return a 403 and require people to make the initial request over HTTPS.

This does not affect the UI portions of the site that are designed to be used by humans, for these we will still redirect (which will cause the browser to see the HSTS header and force the user to use HTTPS from then on out).


Donald Stufft

More information about the Distutils-SIG mailing list