[Distutils] PyPi’s predictable download url

Noah Kantrowitz noah at coderanger.net
Tue Jul 25 17:25:07 EDT 2017


> On Jul 25, 2017, at 2:15 PM, Wes Turner <wes.turner at gmail.com> wrote:
> 
> 
> 
> On Tuesday, July 25, 2017, Alexander Belopolsky <alexander.belopolsky at gmail.com> wrote:
> On Tue, Jul 25, 2017 at 4:18 PM, Nick Timkovich <prometheus235 at gmail.com> wrote:
> ..
> > That's because curl is kinda annoying and doesn't follow redirects by
> > default:
> >
> > $ curl -i http://pypi.python.org/pypi/virtualenv/json
> > HTTP/1.1 301 Moved Permanently
> > ...
> 
> Well, http://pypi.org/.. which is presumably the home of the latest
> PyPI returns 403:
> 
> $ curl -i http://pypi.org/pypi/virtualenv/json
> HTTP/1.1 403 SSL is required
> ...
> 
> This suggests that redirects are considered to be legacy and may not
> be supported in the future.
> 
> Here are the warehouse routes:
> https://github.com/pypa/warehouse/blob/master/warehouse/routes.py
> 
> Why do you need an http to https redirect?

To explain this: pypi.org is on the HSTS preload list so all major browsers will automatically use HTTPS for it no matter what. cURL does not support this feature.

--Noah



