NuGetGallery icon indicating copy to clipboard operation
NuGetGallery copied to clipboard

Published 20 hours ago verified publisher icon NuGet

[NuGet.org Bug]: Images from github readmes are not shown on nuget.org (domain not trusted).

Open paulnsk opened this issue 1 year ago • 4 comments

Impact

It bothers me. A fix would be nice

Describe the bug

I just added a readme.md to my little nuget package. I did so by using github's built-in markdown editor. When an image is pasted into the editor, it is automatically uploaded to a location similar to this

![image](https://github.com/paulnsk/ConsoleTools/assets/39160578/2328bb9c-1772-450c-a626-7192709b9bde)

which is apparently not suitable for using on nuget.org.

Please include github.com/.../assets to the trusted domain list https://learn.microsoft.com/en-us/nuget/nuget-org/package-readme-on-nuget-org#allowed-domains-for-images-and-badges

Repro Steps

Create a repo on github. When prompted, add a readme file. An editor will open. Paste an image from clipboard and observe the URL as the editor adds the image reference to the readme.md

Expected Behavior

It would be nice to see actual images here

image

(https://www.nuget.org/packages/manage/upload)

Screenshots

No response

Additional Context and logs

No response

paulnsk avatar Nov 04 '23 03:11 paulnsk

cc @lyndaidaii who is expert in this area

joelverhagen avatar Nov 20 '23 14:11 joelverhagen

Hitting the same issue. Indeed https://github.com/<user>/<project>/assets/* should be trusted given it is the default on the GitHub side for all pasted images in their markdown editor.

sailro avatar Nov 24 '23 14:11 sailro

Same here: https://github.com/NuGet/NuGetGallery/issues/9696

sailro avatar Nov 24 '23 14:11 sailro

Same here: https://github.com/NuGet/NuGetGallery/issues/9621

sailro avatar Nov 24 '23 14:11 sailro