Revise NU1302 documentation with new scenarios (#3471)

Nigusu-Allehu · web-flow · commit a85345c64595 · 2025-11-05T15:36:29.000-08:00
diff --git a/docs/reference/errors-and-warnings/NU1302.md b/docs/reference/errors-and-warnings/NU1302.md
@@ -10,6 +10,8 @@ f1_keywords:
 
 # NuGet Error NU1302
 
+## Scenario 1
+
 > You are running the 'restore' operation with an 'HTTP' source: myHttpSource. NuGet requires HTTPS sources. To use an HTTP source, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. Please refer to https://aka.ms/nuget-https-everywhere for more information.
 
 ### Issue
@@ -53,3 +55,34 @@ Here's how it functions:
 
 > [!WARNING]
 > Changing SdkAnalysisLevel has other side-effects. Refer to the [`SdkAnalysisLevel`](/dotnet/core/project-sdk/msbuild-props#sdkanalysislevel) for a summary of the full scope of .NET SDK features affected.
+
+## Scenario 2
+
+> You are using a NuGet source 'https://contoso/v3/index.json' that contains an 'HTTP' service index resource endpoint: 'http://contoso/v3-flatcontainer/contoso/index.json'. This is insecure and not recommended. To allow HTTP resources, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. For more information, visit https://aka.ms/nuget-https-everywhere.
+
+### Issue
+
+A configured package source uses **HTTPS**, but one of its resources (indicated in the error message) uses **HTTP**.
+
+NuGet requires that all sources and their resources use HTTPS.
+If you want to continue using this source despite its HTTP resource, you must set the `allowInsecureConnections` flag to true in your NuGet.config file.
+
+To learn more about package sources and resource endpoints, take a look at the [NuGet Server API](../../api/overview).
+
+#### Option 1: Update the Source to Use HTTPS
+
+Whenever possible, switch to a package source that provides only HTTPS resources. This is the recommended and most secure option.
+
+#### Option 2: Allow Insecure Connections (If Necessary)
+
+If you must use the source, explicitly allow insecure connections by adding the `allowInsecureConnections` flag in the `NuGet.Config`:
+
+For information about managing the setting in Visual Studio, see [NuGet Options in Visual Studio](../../consume-packages/nuget-visual-studio-options.md#allow-insecure-connections)
+
+```xml
+<configuration>
+  <packageSources>
+    <add key="InsecureSource" value="https://contoso/v3/index.json" allowInsecureConnections="true" />
+  </packageSources>
+</configuration>
+```
