diff --git a/assets/images/enterprise/3.2/release-notes/security-overview-UI.png b/assets/images/enterprise/3.2/release-notes/security-overview-ui.png similarity index 100% rename from assets/images/enterprise/3.2/release-notes/security-overview-UI.png rename to assets/images/enterprise/3.2/release-notes/security-overview-ui.png diff --git a/assets/images/enterprise/ghas/download-CSV-report-ghes-3.9.png b/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png similarity index 100% rename from assets/images/enterprise/ghas/download-CSV-report-ghes-3.9.png rename to assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png diff --git a/assets/images/help/codespaces/configure-SSO-for-PAT.png b/assets/images/help/codespaces/configure-sso-for-pat.png similarity index 100% rename from assets/images/help/codespaces/configure-SSO-for-PAT.png rename to assets/images/help/codespaces/configure-sso-for-pat.png diff --git a/assets/images/help/codespaces/CSV-usage-report-prebuilds.png b/assets/images/help/codespaces/csv-usage-report-prebuilds.png similarity index 100% rename from assets/images/help/codespaces/CSV-usage-report-prebuilds.png rename to assets/images/help/codespaces/csv-usage-report-prebuilds.png diff --git a/assets/images/help/codespaces/CSV-usage-report.png b/assets/images/help/codespaces/csv-usage-report.png similarity index 100% rename from assets/images/help/codespaces/CSV-usage-report.png rename to assets/images/help/codespaces/csv-usage-report.png diff --git a/assets/images/help/dependabot/audit-log-UI-dependabot-alert.png b/assets/images/help/dependabot/audit-log-ui-dependabot-alert.png similarity index 100% rename from assets/images/help/dependabot/audit-log-UI-dependabot-alert.png rename to assets/images/help/dependabot/audit-log-ui-dependabot-alert.png diff --git a/assets/images/help/enterprises/dependabot-alerts-options-no-UI.png b/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png similarity index 100% rename from assets/images/help/enterprises/dependabot-alerts-options-no-UI.png rename to assets/images/help/enterprises/dependabot-alerts-options-no-ui.png diff --git a/assets/images/help/site-policy/github-privacy-statement(07.22.20)(FR).pdf b/assets/images/help/site-policy/github-privacy-statement(07.22.20)(fr).pdf similarity index 100% rename from assets/images/help/site-policy/github-privacy-statement(07.22.20)(FR).pdf rename to assets/images/help/site-policy/github-privacy-statement(07.22.20)(fr).pdf diff --git a/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md b/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md index b44b9f2364..df49bfd2df 100644 --- a/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md +++ b/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md @@ -124,7 +124,7 @@ You can download the {% data variables.product.prodname_advanced_security %} lic {%- elsif ghes > 3.8 %} 1. Under "{% data variables.product.prodname_GH_advanced_security %}," click {% octicon "download" aria-hidden="true" %} **CSV report** in the header of the "Committers" table. - ![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-CSV-report-ghes-3.9.png) + ![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png) {%- else %} 1. Under "{% data variables.product.prodname_GH_advanced_security %}," {% octicon "download" aria-label="The download icon" %} in the header of the "Committers" table. diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md index 09cef8f9ce..b2096a9826 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md @@ -50,7 +50,7 @@ You can configure notification settings for yourself or your organization from t {% ifversion update-notification-settings-22 %} ![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu, showing notification frequency options, is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes > 3.7 or ghae > 3.7 %} -![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-UI.png){% endif %} +![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %} {% note %} diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index 322299391c..5e556516a7 100644 --- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -235,6 +235,6 @@ You can view all open alerts, and you can reopen alerts that have been previousl When a member of your organization {% ifversion not fpt %}or enterprise {% endif %}performs an action related to {% data variables.product.prodname_dependabot_alerts %}, you can review the actions in the audit log. For more information about accessing the log, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization#accessing-the-audit-log){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)."{% else %}."{% endif %} {% ifversion dependabot-alerts-audit-log %} -![Screenshot of the audit log showing Dependabot alerts.](/assets/images/help/dependabot/audit-log-UI-dependabot-alert.png){% endif %} +![Screenshot of the audit log showing Dependabot alerts.](/assets/images/help/dependabot/audit-log-ui-dependabot-alert.png){% endif %} Events in your audit log for {% data variables.product.prodname_dependabot_alerts %} include details such as who performed the action, what the action was, and when the action was performed. {% ifversion dependabot-alerts-audit-log %}The event also includes a link to the alert itself. When a member of your organization dismisses an alert, the event displays the dismissal reason and comment.{% endif %} For information on the {% data variables.product.prodname_dependabot_alerts %} actions, see the `repository_vulnerability_alert` category in "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization#repository_vulnerability_alert){% ifversion not fpt %}" and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#repository_vulnerability_alert)."{% else %}."{% endif %} diff --git a/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md b/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md index 48686ddf6f..2b54b33f8f 100644 --- a/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md +++ b/content/codespaces/prebuilding-your-codespaces/allowing-a-prebuild-to-access-other-repositories.md @@ -49,7 +49,7 @@ You will need to create a new personal account and then use this account to crea {% ifversion ghec %} 1. Click **Configure SSO** and authorize the token for use with SAML single sign-on (SSO), so that it can access repositories that are owned by organizations with SSO enabled. For more information, see "[AUTOTITLE](/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on)." - ![Screenshot of the "{% data variables.product.pat_v1_caps_plural %}" page. The "Configure SSO" button for a PAT is highlighted with a dark orange outline.](/assets/images/help/codespaces/configure-SSO-for-PAT.png) + ![Screenshot of the "{% data variables.product.pat_v1_caps_plural %}" page. The "Configure SSO" button for a PAT is highlighted with a dark orange outline.](/assets/images/help/codespaces/configure-sso-for-pat.png) {% endif %} 1. Copy the token string. You will assign this to a {% data variables.product.prodname_codespaces %} repository secret. diff --git a/content/site-policy/privacy-policies/github-privacy-statement.md b/content/site-policy/privacy-policies/github-privacy-statement.md index 0d0795068e..9a6320f037 100644 --- a/content/site-policy/privacy-policies/github-privacy-statement.md +++ b/content/site-policy/privacy-policies/github-privacy-statement.md @@ -337,7 +337,7 @@ Below are translations of this document into other languages. In the event of an ### French -Cliquez ici pour obtenir la version française: [Déclaration de confidentialité de GitHub (PDF)](/assets/images/help/site-policy/github-privacy-statement(07.22.20)(FR).pdf) +Cliquez ici pour obtenir la version française: [Déclaration de confidentialité de GitHub (PDF)](/assets/images/help/site-policy/github-privacy-statement(07.22.20)(fr).pdf) ### Other translations diff --git a/data/reusables/codespaces/usage-report-download.md b/data/reusables/codespaces/usage-report-download.md index 11a375e4d3..1a10132696 100644 --- a/data/reusables/codespaces/usage-report-download.md +++ b/data/reusables/codespaces/usage-report-download.md @@ -6,8 +6,8 @@ To see the costs for {% data variables.product.prodname_github_codespaces %} compute usage and storage, filter the report to show only rows that mention "Codespaces" in the `Product` column. - ![Screenshot of a usage report filtered to show only row that mention "{% data variables.product.prodname_codespaces %}" in the "Product" column.](/assets/images/help/codespaces/CSV-usage-report.png) + ![Screenshot of a usage report filtered to show only row that mention "{% data variables.product.prodname_codespaces %}" in the "Product" column.](/assets/images/help/codespaces/csv-usage-report.png) To see only the costs for creating, updating and storing prebuilds, filter the report to show only rows that mention "Create Codespaces Prebuilds" in the `Actions Workflow` column. - ![Screenshot of a usage report filtered to show only details relating to codespace prebuilds.](/assets/images/help/codespaces/CSV-usage-report-prebuilds.png) + ![Screenshot of a usage report filtered to show only details relating to codespace prebuilds.](/assets/images/help/codespaces/csv-usage-report-prebuilds.png) diff --git a/src/assets/middleware/asset-preprocessing.js b/src/assets/middleware/asset-preprocessing.js index 4d646cf571..8bfc0fbc4b 100644 --- a/src/assets/middleware/asset-preprocessing.js +++ b/src/assets/middleware/asset-preprocessing.js @@ -12,6 +12,19 @@ const regex = /\/cb-\d+\// export default function assetPreprocessing(req, res, next) { if (req.path.startsWith('/assets/')) { + // We didn't use to have a rule about all image assets must be + // lower case. So we've exposed things like: + // which means they could + // get a 404 if the file is actually named `foobar.png`. + if (req.url !== req.url.toLowerCase()) { + // The reason for doing a redirect instead rewriting the + // `req.url` attribute is that we don't want encourage this. + // By forcing this to be a redirect, it means we only serve + // 1 single file. All other requests will be redirects. + // Otherwise someone might trigger too much bypassing of the CDN. + return res.redirect(req.url.toLowerCase()) + } + // We're only confident enough to set the *manual* surrogate key if the // asset contains the cache-busting piece. if (regex.test(req.url)) { diff --git a/src/assets/tests/static-assets.js b/src/assets/tests/static-assets.js index 43c8fb750c..1708322b04 100644 --- a/src/assets/tests/static-assets.js +++ b/src/assets/tests/static-assets.js @@ -57,4 +57,24 @@ describe('static assets', () => { expect(res.headers['content-type']).toContain('text/plain') checkCachingHeaders(res, true, 60) }) + it("should redirect if the URLisn't all lowercase", async () => { + // Directory + { + const res = await get('/assets/images/SITE/logo.png') + expect(res.statusCode).toBe(302) + expect(res.headers.location).toBe('/assets/images/site/logo.png') + } + // File name + { + const res = await get('/assets/images/site/LoGo.png') + expect(res.statusCode).toBe(302) + expect(res.headers.location).toBe('/assets/images/site/logo.png') + } + // File extension + { + const res = await get('/assets/images/site/logo.PNG') + expect(res.statusCode).toBe(302) + expect(res.headers.location).toBe('/assets/images/site/logo.png') + } + }) })