Skip to content

Commit b3cd276

Browse files
Nigusu-AllehuNigusu-Allehu
authored
Update Nu1302 documentation with more information (#3363)
1 parent 6728686 commit b3cd276

File tree

1 file changed

+36
-3
lines changed

1 file changed

+36
-3
lines changed

docs/reference/errors-and-warnings/NU1302.md

Lines changed: 36 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,14 +8,47 @@ f1_keywords:
88
- "NU1302"
99
---
1010

11-
# NuGet Warning NU1302
11+
# NuGet Error NU1302
1212

1313
> You are running the 'restore' operation with an 'HTTP' source: myHttpSource. NuGet requires HTTPS sources. To use an HTTP source, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. Please refer to https://aka.ms/nuget-https-everywhere for more information.
1414
1515
### Issue
1616

17-
`myHttpSource` is an insecure HTTP source. We recommend using HTTPS sources instead.
17+
`myHttpSource` is an insecure HTTP source. We recommend using an HTTPS source instead.
1818

1919
### Solution
2020

21-
This can be fixed either by removing the HTTP source or disabling HTTP Errors for the specific source by using `allowInsecureConnections` option in your [NuGet config file](../../reference/nuget-config-file.md).
21+
#### Option 1: Update the Source to Use HTTPS
22+
23+
If possible, update the package source to use `https://` instead of `http://`:
24+
25+
```xml
26+
<configuration>
27+
<packageSources>
28+
<add key="SecureSource" value="https://example.com/nuget/" />
29+
</packageSources>
30+
</configuration>
31+
```
32+
33+
#### Option 2: Allow Insecure Connections (If Necessary)
34+
35+
If the source must remain HTTP, explicitly allow insecure connections by adding the `AllowInsecureConnections` flag in the `NuGet.Config`:
36+
37+
```xml
38+
<configuration>
39+
<packageSources>
40+
<add key="InsecureSource" value="http://example.com/nuget/" allowInsecureConnections="true" />
41+
</packageSources>
42+
</configuration>
43+
```
44+
45+
#### Option 3: Consult SDK Analysis Level
46+
47+
The [`SdkAnalysisLevel`](/dotnet/core/project-sdk/msbuild-props#sdkanalysislevel) property in your project can serve as a temporary workaround for managing HTTP sources.
48+
If additional time is needed to resolve the HTTP error, you can lower the `SdkAnalysisLevel` to suppress errors temporarily.
49+
Here's how it functions:
50+
51+
- For SDK Analysis Level value **below 9.0.100**, using HTTP sources triggers a warning ([NU1803](NU1803.md)).
52+
- Starting with SDK Analysis Level **9.0.100 or higher**, HTTP sources result in an error (NU1302) unless `AllowInsecureConnections` is explicitly enabled.
53+
54+

0 commit comments

Comments
 (0)