As part of an ongoing effort to improve the security of PyPI, instead of 
redirecting (or silently allowing) requests made over HTTP to PyPI APIs, these 
APIs will now return a 403 and require people to make the initial request over 
HTTPS.

This does not affect the UI portions of the site that are designed to be used 
by humans; for these we will still redirect (which will cause the browser to 
see the HSTS header and force the user to use HTTPS from then on out).

Thanks!

—
Donald Stufft
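
The policy announced above, sketched as WSGI middleware. This is an added example, not part of the original message and not PyPI's own code. The API path prefixes, the host name `pypi.example`, the HSTS max-age and the 403 body text are assumptions made for illustration.

```python
from urllib.parse import quote
from wsgiref.util import setup_testing_defaults

# Assumptions (not from the announcement): the API path prefixes, the
# canonical host name and the HSTS max-age below are illustrative.
API_PREFIXES = ("/simple/", "/pypi/")
CANONICAL_HOST = "pypi.example"
HSTS = ("Strict-Transport-Security", "max-age=31536000")


class HttpsPolicy:
    """WSGI middleware: 403 for plaintext API calls, redirect for UI pages."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO") or "/"
        if environ.get("wsgi.url_scheme") == "https":
            # Secure request: pass through, adding HSTS so browsers stay on HTTPS.
            def with_hsts(status, headers, exc_info=None):
                return start_response(status, list(headers) + [HSTS], exc_info)
            return self.app(environ, with_hsts)
        if path.startswith(API_PREFIXES):
            # API clients get no redirect: the initial request must be HTTPS.
            body = b"HTTPS required\n"  # constructed message text
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        # Human-facing page: redirect to the configured host, never the Host header.
        query = environ.get("QUERY_STRING")
        target = "https://" + CANONICAL_HOST + quote(path) + ("?" + query if query else "")
        start_response("301 Moved Permanently", [("Location", target), ("Content-Length", "0")])
        return [b""]


def probe(scheme, path):
    """Send one constructed request through the middleware; return (status, headers)."""
    def app(environ, start_response):  # stand-in for the real site
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]
    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(status=status, headers=dict(headers))
    b"".join(HttpsPolicy(app)(environ, start_response))
    return seen["status"], seen["headers"]
```

`probe("http", "/simple/requests/")` exercises the API branch, and `probe("http", "/account/login")` exercises the redirect branch with a constructed UI path.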



_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig