Search code examples
c#nugetvisual-studio-2022

Where does this come from: "warning NU1803: You are running the 'restore' operation with an 'HTTP' source"

I'm using QuanTower API (they have a VS plug-in) and when building a C# project I always get:

warning NU1803: You are running the 'restore' operation with an 'HTTP' source, 'http://nuget.org'. Non-HTTPS access will be removed in a future version. Consider migrating to an 'HTTPS' source.

Their support says they don't see that message.

I have no clue where it is coming from, what it is or what is causing it? How do I figure out what is causing this message?

TIA!!

Solution

  • I can reproduce the issue you encountered:

    enter image description here

    This is only a warning which start from Nuget 6.3 which let you know that you’re using a non-HTTPS source..

    You can take a look at this announcement:

    HTTPS everywhere

    The actual problem on your side is the source you were using. The nuget gallery website url can't be the source of the nuget.

    You may need some concepts of these knowledge:

    1, Nuget Tool

    Nuget is a free and open-source package manager for the Microsoft development platform. Nuget source is a concept under this tool.

    An introduction to NuGet

    2, Nuget Gallery

    This is a website, you can search the packages maded by official of personal.

    https://www.nuget.org/:

    This is the main website for the NuGet project. Here, you can search for packages, publish new packages, and read documentation on how to use NuGet, among other things. You can also download the NuGet client tools from this website.

    3, Nuget V3 entry point

    https://api.nuget.org/v3/index.json:

    This URL is the entry point for the NuGet V3 API. It's not intended to be used with a web browser. Instead, it's designed for use by the NuGet client tools (like nuget.exe or the NuGet features in Visual Studio) when they need to interact with a NuGet repository. This URL provides a JSON response that includes the URLs of other services in the NuGet V3 API, like search, package metadata, and package download services.

    You can also refer to this official document:

    sources command (NuGet CLI)

    You can see that it mentioned:

    Note that the source URL for nuget.org is https://api.nuget.org/v3/index.json.

    You can use this entry point for restore mostly public nuget packages via nuget tool, you can use one source which use this as the upstream. Or use a source which you make sure contains the packages you need.

    So, nuget is a tool which extensively used within the .NET ecosystem to manage libraries and tools. www.nuget.org is a user-facing website, while api.nuget.org/v3/index.json is a service-facing API endpoint.

    For the 'http://nuget.org' link you use, it even not the standard format of nuget gallery. Why you enter this and finally go to the nuget gallery is because the server configuration, When you enter a URL without the www subdomain, the server is configured to redirect you to the www version of the site.