On Tue, Jul 25, 2017 at 4:25 PM, Noah Kantrowitz <n...@coderanger.net> wrote:
> > > On Tuesday, July 25, 2017, Alexander Belopolsky < > alexander.belopol...@gmail.com> wrote: > > $ curl -i http://pypi.org/pypi/virtualenv/json > > HTTP/1.1 403 SSL is required > > ... > > > > To explain this: pypi.org is on the HSTS preload list so all major > browsers will automatically use HTTPS for it no matter what. cURL does not > support this feature. > > --Noah Also sounds like a good idea so anyone that writes a client and forgets that S will be forced to correct it rather than silently relying on a redirect (slower, opportunity for attack) Nick
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
