Nuget Readme: whitelist GitHub.com for readme

[warrenbuckley]

NuGet Product(s) Involved

Other/NA

The Elevator Pitch

Please can we whitelist the domain *.GitHub.com for Nuget.org package readme’s.

Why?

Well currently the image to embed in project readme’s for opening a GitHub project on GitHub CodeSpaces is hosted at https://github.com/codespaces/badge.svg

Additional Context and Details

No response

[lyndaidaii]

@warrenbuckley, thanks for your feedback. We generally don't support for codespace, could you please explain your user case here? so that we could re-evaluate. Also, you could try workaround using following domain: https://learn.microsoft.com/en-us/NuGet/nuget-org/package-readme-on-nuget-org#allowed-domains-for-images-and-badges.

[HofmeisterAn]

The use case (issue) is mentioned in the issue description. NuGet.org does not show the Codespace badge which does not make sense, e.g.: Testcontainers.

The "Open in GitHub Codespaces" badge is missing, compared to the original README.md.

[lyndaidaii]

Thanks for your detail information. A README for a GitHub repository and a README for a package share some similarities but also have some differences. Both types of README files are crucial in providing important information about your project or package, such as what it is and does, how to get started with it, and where users can seek assistance. However, a GitHub README might contain information regarding the code of conduct, expectations for the project, and how contributions are managed, which may not be of interest to package consumers. Thus, it is worth to create a separate README for your package specifically if the README in GitHub repository primarily focuses on contributions. the codespace badge points to the source code, it relates to the code contribution. We will keep eyes on the ticket and re-evaluate if there are more upvotes. Thanks again!

[lyndaidaii]

Also here is our blog about how to write high-quality readme from our perspective, https://devblogs.microsoft.com/nuget/write-a-high-quality-readme-for-nuget-packages/, hopefully it helps. Please let us know if you have any other question.

[sliekens]

@lyndaidaii @theot12 please reconsider, Codespaces provide an easy, low-effort way to set up a playground environment where a potential user of the package can view and run sample code. Every package should have a badge to open user samples in Codespaces.

[sliekens]

Besides the question whether a README should link to Codespaces or not, the primary issue here is that github.com/codespaces/badge.svg is not allowed for security reasons. However since github.com/.../workflows/.../badge.svg is allowed, is it really a problem to allow codespaces badges?

[mwpowellhtx]

Trying to leverage an image asset from within my repository, for which project is referenced by the corresponding nuget package. However, the <img /> is not rendering in the README. It was hinted at that raw.githubusercontent.com (discord) should work as an "accepted" (big air quotes) URL for this purpose, which happens to also forward to github.com, BTW; and yet github.com is not accepted? Makes no sense, or the NuGet policy around that needs to reflect the forwarding decision.