mirror of synced 2025-12-19 18:10:59 -05:00

Make sure all image asset lookups are case insensitive (#43107)

Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
This commit is contained in:
Peter Bengtsson
2023-09-25 19:32:23 -04:00
committed by GitHub
parent b8dfb50528
commit 07f481fbe7
16 changed files with 40 additions and 7 deletions

@@ -124,7 +124,7 @@ You can download the {% data variables.product.prodname_advanced_security %} lic
{%- elsif ghes > 3.8 %}
1. Under "{% data variables.product.prodname_GH_advanced_security %}," click {% octicon "download" aria-hidden="true" %} **CSV report** in the header of the "Committers" table.
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-CSV-report-ghes-3.9.png)
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png)
{%- else %}
1. Under "{% data variables.product.prodname_GH_advanced_security %}," {% octicon "download" aria-label="The download icon" %} in the header of the "Committers" table.


@@ -50,7 +50,7 @@ You can configure notification settings for yourself or your organization from t
{% ifversion update-notification-settings-22 %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu, showing notification frequency options, is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes > 3.7 or ghae > 3.7 %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-UI.png){% endif %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %}
{% note %}


@@ -235,6 +235,6 @@ You can view all open alerts, and you can reopen alerts that have been previousl
When a member of your organization {% ifversion not fpt %}or enterprise {% endif %}performs an action related to {% data variables.product.prodname_dependabot_alerts %}, you can review the actions in the audit log. For more information about accessing the log, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#accessing-the-audit-log){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)."{% else %}."{% endif %}
{% ifversion dependabot-alerts-audit-log %}
![Screenshot of the audit log showing Dependabot alerts.](/assets/images/help/dependabot/audit-log-UI-dependabot-alert.png){% endif %}
![Screenshot of the audit log showing Dependabot alerts.](/assets/images/help/dependabot/audit-log-ui-dependabot-alert.png){% endif %}
Events in your audit log for {% data variables.product.prodname_dependabot_alerts %} include details such as who performed the action, what the action was, and when the action was performed. {% ifversion dependabot-alerts-audit-log %}The event also includes a link to the alert itself. When a member of your organization dismisses an alert, the event displays the dismissal reason and comment.{% endif %} For information on the {% data variables.product.prodname_dependabot_alerts %} actions, see the `repository_vulnerability_alert` category in "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_vulnerability_alert){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#repository_vulnerability_alert)."{% else %}."{% endif %}


@@ -49,7 +49,7 @@ You will need to create a new personal account and then use this account to crea
{% ifversion ghec %}
1. Click **Configure SSO** and authorize the token for use with SAML single sign-on (SSO), so that it can access repositories that are owned by organizations with SSO enabled. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)."
![Screenshot of the "{% data variables.product.pat_v1_caps_plural %}" page. The "Configure SSO" button for a PAT is highlighted with a dark orange outline.](/assets/images/help/codespaces/configure-SSO-for-PAT.png)
![Screenshot of the "{% data variables.product.pat_v1_caps_plural %}" page. The "Configure SSO" button for a PAT is highlighted with a dark orange outline.](/assets/images/help/codespaces/configure-sso-for-pat.png)
{% endif %}
1. Copy the token string. You will assign this to a {% data variables.product.prodname_codespaces %} repository secret.


@@ -337,7 +337,7 @@ Below are translations of this document into other languages. In the event of an
### French
Cliquez ici pour obtenir la version française: [Déclaration de confidentialité de GitHub (PDF)](/assets/images/help/site-policy/github-privacy-statement(07.22.20)(FR).pdf)
Cliquez ici pour obtenir la version française: [Déclaration de confidentialité de GitHub (PDF)](/assets/images/help/site-policy/github-privacy-statement(07.22.20)(fr).pdf)
### Other translations
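
Review bot: the link target renamed in this hunk ends in `.pdf`, so the change reaches beyond the "image asset" scope named in the commit title. The middleware guard is `req.path.startsWith('/assets/')`, which does cover this path, but the commit message and the in-code comment (which speaks only of `<img src=...>`) should say that every file under `/assets/` is affected, since copies of the old `(FR).pdf` URL held outside this repository will now depend on the redirect to keep resolving.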


@@ -6,8 +6,8 @@
To see the costs for {% data variables.product.prodname_github_codespaces %} compute usage and storage, filter the report to show only rows that mention "Codespaces" in the `Product` column.
![Screenshot of a usage report filtered to show only row that mention "{% data variables.product.prodname_codespaces %}" in the "Product" column.](/assets/images/help/codespaces/CSV-usage-report.png)
![Screenshot of a usage report filtered to show only row that mention "{% data variables.product.prodname_codespaces %}" in the "Product" column.](/assets/images/help/codespaces/csv-usage-report.png)
To see only the costs for creating, updating and storing prebuilds, filter the report to show only rows that mention "Create Codespaces Prebuilds" in the `Actions Workflow` column.
![Screenshot of a usage report filtered to show only details relating to codespace prebuilds.](/assets/images/help/codespaces/CSV-usage-report-prebuilds.png)
![Screenshot of a usage report filtered to show only details relating to codespace prebuilds.](/assets/images/help/codespaces/csv-usage-report-prebuilds.png)
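
Review bot: the alt text on the first image line reads "show only row that mention", which should be "show only rows that mention" to match the sentence above it. The line is already being rewritten for the `CSV-usage-report.png` to `csv-usage-report.png` rename, so the wording can be fixed in the same edit.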


@@ -12,6 +12,19 @@ const regex = /\/cb-\d+\//
export default function assetPreprocessing(req, res, next) {
if (req.path.startsWith('/assets/')) {
// We didn't use to have a rule about all image assets must be
// lower case. So we've exposed things like:
// <img src="/assets/images/Foobar.png"> which means they could
// get a 404 if the file is actually named `foobar.png`.
if (req.url !== req.url.toLowerCase()) {
// The reason for doing a redirect instead rewriting the
// `req.url` attribute is that we don't want encourage this.
// By forcing this to be a redirect, it means we only serve
// 1 single file. All other requests will be redirects.
// Otherwise someone might trigger too much bypassing of the CDN.
return res.redirect(req.url.toLowerCase())
}
// We're only confident enough to set the *manual* surrogate key if the
// asset contains the cache-busting piece.
if (regex.test(req.url)) {
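
Review bot: `res.redirect(req.url.toLowerCase())` builds the Location value from the raw `req.url`, while the guard above it checks `req.path`, so the query string is lowercased along with the path, and a request whose only uppercase characters are in the query string is redirected as well. Consider comparing and lowercasing `req.path` only and re-appending the original query string unchanged, which also keeps the redirect target built from the same value the `/assets/` guard inspected. The in-code comment gives CDN bypass as the reason for redirecting, but the hunk sets no caching headers on the redirect and the new test pins the status at 302, so it is worth stating in the comment whether these redirects are meant to be cacheable at the CDN. The comment wording "instead rewriting" and "don't want encourage" can be corrected in the same pass.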


@@ -57,4 +57,24 @@ describe('static assets', () => {
expect(res.headers['content-type']).toContain('text/plain')
checkCachingHeaders(res, true, 60)
})
it("should redirect if the URLisn't all lowercase", async () => {
// Directory
{
const res = await get('/assets/images/SITE/logo.png')
expect(res.statusCode).toBe(302)
expect(res.headers.location).toBe('/assets/images/site/logo.png')
}
// File name
{
const res = await get('/assets/images/site/LoGo.png')
expect(res.statusCode).toBe(302)
expect(res.headers.location).toBe('/assets/images/site/logo.png')
}
// File extension
{
const res = await get('/assets/images/site/logo.PNG')
expect(res.statusCode).toBe(302)
expect(res.headers.location).toBe('/assets/images/site/logo.png')
}
})
})
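
Review bot: the three cases in the new `it(...)` block vary only the case of a directory, a file name and an extension; none requests a URL with a query string or with the `/cb-<digits>/` cache-busting segment that the middleware's `regex` matches, so what `req.url.toLowerCase()` does to those inputs is not pinned by any assertion here. Add one case for each, and one asserting that an all-lowercase asset URL is served without a redirect if no existing test already covers that. The test title reads "URLisn't" and needs a space.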