NuGet / NuGetGallery

NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.
https://www.nuget.org/
Apache License 2.0

[Feature]: Add more allowed images domains for Github #9960

Open Grille opened 1 month ago

Grille commented 1 month ago

Related Problem

I tried to use images I uploaded on a GitHub wiki page in my readme, but the URLs seem not to be accepted.

The one that is already in the allowed domain list that is nearest to what I need is: https://user-images.githubusercontent.com/...image

But when I drop the image in the wiki, the link I get at first is: https://github.com/User/Repo/assets/...image

Or if I get the image address again later: https://private-user-images.githubusercontent.com/...image

Both versions seem to be valid.

The Elevator Pitch

Does it make sense to add the following domains to the allowed domain list?

  1. Add https://github.com/...image
    (it seems to be ok for https://gitlab.com)
  2. Add https://private-user-images.githubusercontent.com/...image (since it seems to be the default way GitHub now stores these images internally??)

Additional Context and Details

A bit off topic: I would also be happy if someone could point me to how I upload an image on GitHub as non private? I sadly found nothing about this.

erdembayar commented 1 month ago

@Grille Could you please list all of those image domains?

@lyndaidaii
Could you provide us a playbook on how to determine which ones are ok or not?

lyndaidaii commented 1 month ago

We do have a playbook for this. @erdembayar

Grille commented 1 month ago

Sorry, I’m not entirely sure what you are asking? @erdembayar

This is the full URL of one of the images in question, in case you meant that.

https://private-user-images.githubusercontent.com/26384012/333878765-b4541b00-b4d4-4e0e-a9a6-983a1ff05d5e.gif?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTcwMTUzMTYsIm5iZiI6MTcxNzAxNTAxNiwicGF0aCI6Ii8yNjM4NDAxMi8zMzM4Nzg3NjUtYjQ1NDFiMDAtYjRkNC00ZTBlLWE5YTYtOTgzYTFmZjA1ZDVlLmdpZj9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MjklMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTI5VDIwMzY1NlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTE5NjQ2ZGRjNWJlOGI2NWQ2YTdmZDgwODRkMjg5ODNhMTBjY2Q2YzdkYTlkZWI3YjBiMmIwNjFmYjgxYWE3ZjMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.hLFEU-lRPPcQs5mGxUSSNCov_JzUlSXWtMRBd22yc7o

Btw, I resolved my personal problem by using https://raw.githubusercontent.com/ instead.

But adding https://private-user-images.githubusercontent.com/ in general may still make sense?

erdembayar commented 1 month ago

Sorry, I’m not entirely sure what you are asking? @erdembayar

This is the full URL of one of the images in question, in case you meant that.

https://private-user-images.githubusercontent.com/26384012/333878765-b4541b00-b4d4-4e0e-a9a6-983a1ff05d5e.gif?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.[...].hLFEU-lRPPcQs5mGxUSSNCov_JzUlSXWtMRBd22yc7o

Btw, I resolved my personal problem by using https://raw.githubusercontent.com/ instead.

But adding https://private-user-images.githubusercontent.com/ in general may still make sense?

I couldn't open the image link above. If it's not accessible to anyone except you, then how could it be used inside the package?

Grille commented 1 month ago

Hm, did the link change? Does GitHub create a new link every time the image is accessed on the wiki or something?

Here is the wiki page: https://github.com/Grille/2D-isometricRenderer/wiki

And the current link: https://private-user-images.githubusercontent.com/26384012/333878765-b4541b00-b4d4-4e0e-a9a6-983a1ff05d5e.gif?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.[...].8lGtf9aGE6BiB6KiBMTgSN7D8Q3v7XNCAWj3TrA4Rrw

Grille commented 1 month ago

@erdembayar

Yea, I tested around a bit, and the link stays public only for a short time; after that the image link can only be opened by the owner. Following the image link on the wiki page gets you a new link by then.

So that makes anything under https://private-user-images.githubusercontent.com/ obviously useless as an image link in a package.

on the other hand, the link you get on upload sems to stays valid indefinitely and forwards to an temporary public https://private-user-images.githubusercontent.com/ link, so these could probably be used in a package.

here an example of such a link: https://github.com/Grille/RetroLine3D/assets/26384012/a0192c26-a4de-4b94-acc2-4e028eb95151

erdembayar commented 4 weeks ago

on the other hand, the link you get on upload sems to stays valid indefinitely

What is the sems in this context?

forwards to an temporary public https://private-user-images.githubusercontent.com/ link, so these could probably be used in a package. here an example of such a link: https://github.com/Grille/RetroLine3D/assets/26384012/a0192c26-a4de-4b94-acc2-4e028eb95151

I still don't understand what the connection is between the https://private-user-images.githubusercontent.com/ link and https://github.com/Grille/RetroLine3D/assets/26384012/a0192c26-a4de-4b94-acc2-4e028eb95151.

If it's hard to reason or implement, there are several other options already available from GitHub. No sure benefit of adding this one.

Grille commented 4 weeks ago

What is the sems in this context?

"seems". At this point I’m pretty sure the example link I gave is still accessible (not only by me).

The connection is that if you upload an image on GitHub wiki/readme you get an https://github.com/User/Repo/assets/ image link.

That link doesn’t directly contain the image but forwards to a temporary https://private-user-images.githubusercontent.com/ link.

The first link could be used from NuGet (if NuGet can handle being forwarded).

The second link cannot be used since it’s just a temporary link.

So my proposal at this point is adding https://github.com/ just as https://gitlab.com/ is already added. To be able to use any images that are under the GitHub domain.

That I mentioned https://private-user-images.githubusercontent.com/ in the beginning, was based on a misunderstanding on my side on what that link actually does, sorry for that.
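
The behaviour worked out in this thread, as an added example that is not part of the original discussion and not NuGetGallery's code: an exact-host allowlist check for README image URLs, plus a reader for the `nbf`/`exp` claims in a `?jwt=` parameter, which shows why a `private-user-images.githubusercontent.com` link stays unusable even if its host were allowlisted. The allowlist contents, the function names and the sample URL are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Illustrative subset: hosts the thread reports as already accepted.
# This is not NuGet.org's actual list or validation code.
ALLOWED_IMAGE_HOSTS = frozenset({
    "raw.githubusercontent.com",
    "user-images.githubusercontent.com",
})


def host_allowed(url, allowed=ALLOWED_IMAGE_HOSTS):
    """Exact-host match over https; substring or prefix matching is not enough."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in allowed


def signed_url_window(url):
    """Read (nbf, exp) from the unverified ?jwt= payload, or None if absent."""
    token = parse_qs(urlsplit(url).query).get("jwt", [""])[0]
    if token.count(".") != 2:
        return None
    payload = token.split(".")[1]
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError:
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    return claims.get("nbf"), claims["exp"]


def assess(url, now, allowed=ALLOWED_IMAGE_HOSTS):
    """Decide whether a README image URL is usable at time `now` (Unix seconds)."""
    if not host_allowed(url, allowed):
        return "reject: host not on allowlist"
    window = signed_url_window(url)
    if window is None:
        return "accept"
    exp = window[1]
    return "reject: signed URL already expired" if exp <= now else f"reject: signed URL expires in {exp - now}s"


def make_sample_url(nbf, exp):
    """Constructed sample URL with a dummy signature, shaped like the one in the thread."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"nbf": nbf, "exp": exp}), "c2ln"])
    return "https://private-user-images.githubusercontent.com/1/sample.gif?jwt=" + token
```

A host check on a `https://github.com/User/Repo/assets/` link only sees the first URL; the redirect target described above would need the same assessment after the redirect is followed.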