Programmatic access to yanking releases

[jefftlin123]

Problem description

I would like to make an http request to yank a release. For example, I can yank https://pypi.org/project/example-package-jefftlin/ through the UI on the webpage for that package. But when attempting to use curl from my linux terminal to yank it, I receive:

curl --request POST https://pypi.org/manage/project/example-package-jefftlin/release/0.0.1 -L --data-binary yanked_reason="to test" -b cookies.txt

400 Bad CSRF Origin

Access is denied. This server can not verify that the origin or referrer of your request matches the current site. Either your browser supplied the wrong Origin or Referrer or it did not supply one at all.

Origin checking failed - missing Origin or Referer. % I've attempted to provide the cookie using curl -b, or via including CSRF in the payload --data-binary . I get the CSRF token using a GET request to the same url. What can I do differently to be able to make a POST request to yank my release from the command line?

[merwok]

Cand you report this to https://github.com/pypi/warehouse/ if there isn’t already a ticket for it?

[jefftlin123]

Done.

[jefftlin123]

@merwok any chance you know the answer to my question of if programmatically yanking is currently possible? I feel like it's not and a day of research is behind that, but I may have missed something.

[woodruffw]

@apefaceddog programmatic yanking is not currently possible, to the best of my knowledge.

[warsaw]

This is important to us as well, so I am actually working on it, although I don't have anything to share atm. Hopefully I can put up a PR next week.