Revise NU1302 documentation with new scenarios #3471
Conversation
Updated the documentation for NuGet Error NU1302 to include additional scenarios and solutions for handling HTTP sources.
There was a problem hiding this comment.
Pull Request Overview
Updates the NU1302 error documentation to include a new scenario where HTTPS package sources contain HTTP resource endpoints, providing comprehensive guidance for both the original HTTP source scenario and the new mixed HTTPS/HTTP resource scenario.
- Added Scenario 2 documentation for HTTPS sources with HTTP resources
- Provided clear solutions including updating sources to HTTPS and allowing insecure connections
- Maintained consistent structure and formatting with the existing documentation
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
Learn Build status updates of commit 17d9565: 💡 Validation status: suggestions
docs/reference/errors-and-warnings/NU1302.md
For more details, please refer to the build report. Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them. |
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 issues. Other issues are also a high priority. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
Co-authored-by: Copilot <[email protected]>
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 issues. Other issues are also a high priority. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
|
Learn Build status updates of commit 062c2df:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/reference/errors-and-warnings/NU1302.md | View | Details |
docs/reference/errors-and-warnings/NU1302.md
- Line 69, Column 74: [Warning: file-not-found - See documentation]
Invalid file link: '../../api/overview'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
|
Learn Build status updates of commit c8f548d:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/reference/errors-and-warnings/NU1302.md | View | Details |
docs/reference/errors-and-warnings/NU1302.md
- Line 69, Column 74: [Warning: file-not-found - See documentation]
Invalid file link: '../../api/overview'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 issues. Other issues are also a high priority. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Co-authored-by: Copilot <[email protected]>
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 issues. Other issues are also a high priority. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
|
Learn Build status updates of commit 68768f5:
|
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/reference/errors-and-warnings/NU1302.md | View | Details |
docs/reference/errors-and-warnings/NU1302.md
- Line 69, Column 78: [Warning: file-not-found - See documentation]
Invalid file link: '../../api/overview'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
| ## Scenario 2 | ||
|
|
||
| > You are using a NuGet source 'https://contoso/v3/index.json' that contains an 'HTTP' service index resource endpoint: 'http://contoso/v3-flatcontainer/contoso/index.json'. This is insecure and not recommended. To allow HTTP resources, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. For more information, visit https://aka.ms/nuget-https-everywhere. |
There was a problem hiding this comment.
I know I've left this feedback on another doc as well, but would it make sense to delete the self-referencing URL from the docs page? Same applies to Scenario 1
| > You are using a NuGet source 'https://contoso/v3/index.json' that contains an 'HTTP' service index resource endpoint: 'http://contoso/v3-flatcontainer/contoso/index.json'. This is insecure and not recommended. To allow HTTP resources, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. For more information, visit https://aka.ms/nuget-https-everywhere. | |
| > You are using a NuGet source 'https://contoso/v3/index.json' that contains an 'HTTP' service index resource endpoint: 'http://contoso/v3-flatcontainer/contoso/index.json'. This is insecure and not recommended. To allow HTTP resources, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. | |
|
|
||
| #### Option 2: Allow Insecure Connections (If Necessary) | ||
|
|
||
| If you must use the source, explicitly allow insecure connections by adding the `allowInsecureConnections` flag in the `NuGet.Config`: |
There was a problem hiding this comment.
Should we call out the VS Options support for enabling this flag as well?
There was a problem hiding this comment.
| If you must use the source, explicitly allow insecure connections by adding the `allowInsecureConnections` flag in the `NuGet.Config`: | |
| If you must use the source, explicitly allow insecure connections by adding the `allowInsecureConnections` flag in the `NuGet.Config`: | |
| For information about managing the setting in Visual Studio, see [NuGet Options in Visual Studio](../../consume-packages/nuget-visual-studio-options.md#allow-insecure-connections) |
| ### Issue | ||
|
|
||
| The package source you configured is **HTTPS**, but one of its resources (indicated in the error message) is **HTTP**. |
There was a problem hiding this comment.
The language is slightly strong here with so many "you"s. It may be configured by a machine-wide config, or on CI, etc.
Can we emphasize the configuration (NuGet.Config) is setup a particular way?
| The package source you configured is **HTTPS**, but one of its resources (indicated in the error message) is **HTTP**. | |
| A configured package source uses **HTTPS**, but one of its resources (indicated in the error message) uses **HTTP**. | |
| NuGet requires that all sources and their resources use HTTPS. | ||
| If you want to continue using this source despite its HTTP resource, you must set the `allowInsecureConnections` flag to true in your NuGet.config file. | ||
|
|
||
| To learn more about NuGet Sources and Resource Endpoints, take a look at the [NuGet Sources and Resource Endpoints overview](../../api/overview). |
There was a problem hiding this comment.
NuGet Sources and Resource Endpoints word was repeated twice in the same sentence.
One suggestion below but open for alternatives.
| To learn more about NuGet Sources and Resource Endpoints, take a look at the [NuGet Sources and Resource Endpoints overview](../../api/overview). | |
| To learn more about package sources and resource endpoints, take a look at the [NuGet Server API](../../api/overview). |
4 participants
Fixes: NuGet/Home#14418
Updated the documentation for NuGet Error NU1302 to include additional scenarios and solutions for handling HTTP sources.