
@chrisd8088
Member

The version of the jQuery library we use for the https://git-lfs.com home page was released in 2016 and is the subject of a few security reports, so although our use of jQuery is limited, we update it to the latest version. We also simplify our JavaScript code which performs a basic attempt at client OS detection.

First, we update our version of jQuery from 1.12.4 to 3.7.1. The older version is the subject of a number of security issues, including:

Next, we remove our use of the session.min.js JavaScript library, which appears to be from the codejoust/session.js project. Our version seems to match the code in the session.js file following PR codejoust/session.js#41, with minification applied manually. Regardless, as that project has not received updates in the last four years, and we only use a very small fraction of its functionality, we replace it with a few lines of CoffeeScript to perform a basic form of OS detection using the same technique as the codejoust/session.js library, namely a search for the specific strings Mac or Linux in the navigator.platform variable.

This variable's use is deprecated in current MDN JavaScript documentation; however, it remains the most straightforward way of performing the basic and limited OS detection we require. In future we may choose to replace this with another approach, such as the User-Agent Client Hints API, but this is not yet supported by some major Web clients such as Firefox at the present time.

Both the legacy version of the codejoust/session.js library and the most recent update to that library (from 2019) pass the navigator object to the library's session_fetch() function, which calls the library's search() function to set the os variable we check, passing an internal data.os array containing the possible OS types and their identifying strings. The search() function then tests for a match with one of these array elements, and in the case of the two checks we perform (for MacOS and Linux) this is just a search for a given substring (Mac or Linux) in the string returned by navigator.platform.

Thus we can just perform these simple checks ourselves, which will suffice for our purposes, and avoid the need to use a legacy JS library entirely. Our replacement CoffeeScript compiles to the following JavaScript:

$(function() {
    var platform;
    platform = window.navigator.platform;
    if ((platform.indexOf('Mac')) !== -1) {
        return $('.js-mac').removeClass('visually-hidden');
    } else if ((platform.indexOf('Linux')) !== -1) {
        return $('.js-linux').removeClass('visually-hidden');
    } else {
        return $('.js-windows').removeClass('visually-hidden');
    }
});

Finally, we can adjust the file permissions on one static file to remove its unnecessary executable file permissions.
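The following is an added example and is not code from this pull request or from the Git LFS project. It factors the same substring check the PR's snippet performs into a pure function that can be exercised offline, puts a User-Agent Client Hints path (navigator.userAgentData.platform, available in Chromium-based browsers) in front of it, and runs both over a constructed set of navigator-like objects so the edge cases are visible: an Android Chrome client, whose legacy platform string contains "Linux", is classified as Linux exactly as the PR's code would classify it, and an iPad reporting "MacIntel" is classified as Mac. The `.js-mac`, `.js-linux` and `.js-windows` class names and the `visually-hidden` class follow the snippet above; the sample navigator objects and the function names are this example's own.

```javascript
// Added example (not the git-lfs project's code): the PR's navigator.platform
// substring check, factored for testing, with a Client Hints path in front.

// Pure classifier over the legacy navigator.platform string. Mirrors the PR's
// logic exactly: "Mac" wins, then "Linux", otherwise Windows is assumed.
function classifyPlatform(platform) {
  const p = typeof platform === 'string' ? platform : '';
  if (p.indexOf('Mac') !== -1) return 'mac';
  if (p.indexOf('Linux') !== -1) return 'linux';
  return 'windows';
}

// Classifier over the low-entropy Client Hints value navigator.userAgentData.platform,
// which reports names such as "macOS", "Windows", "Linux" or "Android".
// Returns null for anything the download page has no package for, so the
// caller can fall back to the legacy check rather than guessing.
function classifyUaDataPlatform(uaPlatform) {
  switch (uaPlatform) {
    case 'macOS': return 'mac';
    case 'Linux': return 'linux';
    case 'Windows': return 'windows';
    default: return null;
  }
}

// Prefer Client Hints when the browser exposes them, otherwise fall back to
// navigator.platform as the PR does. `nav` is injected so this runs without a browser.
function detectOs(nav) {
  const uaData = nav && nav.userAgentData;
  if (uaData && typeof uaData.platform === 'string') {
    const hinted = classifyUaDataPlatform(uaData.platform);
    if (hinted !== null) return hinted;
  }
  return classifyPlatform(nav && nav.platform);
}

// Constructed sample clients (this example's own data, not captured from real traffic).
const SAMPLE_NAVIGATORS = {
  firefoxMac:    { platform: 'MacIntel' },                                          // no userAgentData in Firefox
  chromeWindows: { platform: 'Win32', userAgentData: { platform: 'Windows' } },
  firefoxLinux:  { platform: 'Linux x86_64' },
  chromeAndroid: { platform: 'Linux armv8l', userAgentData: { platform: 'Android' } }, // falls through to legacy check
  safariIpad:    { platform: 'MacIntel' },                                          // iPadOS reports itself as a Mac
  unknown:       {},                                                                // no platform at all
};

// Run every sample through detectOs and return name -> result.
function classifyAll(samples) {
  const out = {};
  for (const name of Object.keys(samples)) out[name] = detectOs(samples[name]);
  return out;
}

// DOM hook equivalent to the PR's jQuery snippet, without jQuery.
function revealDownloadForOs(doc, os) {
  const el = doc.querySelector('.js-' + os);
  if (el) el.classList.remove('visually-hidden');
  return el;
}

// Only wire up the DOM when running in a browser.
if (typeof document !== 'undefined' && typeof navigator !== 'undefined') {
  document.addEventListener('DOMContentLoaded', function () {
    revealDownloadForOs(document, detectOs(navigator));
  });
}
```

The `chromeAndroid` and `safariIpad` samples show the limitation the PR accepts: a substring search on navigator.platform cannot tell Android from desktop Linux or iPadOS from macOS, and the Client Hints value only helps where the browser provides it and where it names a platform the page actually has a package for; everything else, including a missing platform string, lands on the Windows default.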

In commit f9bbd2d a then-current version
of the JavaScript library from https://github.com/codejoust/session.js
(in minified form) was added to the Git LFS home page in order to help
provide detection of the user's operating system and thus suggest the
appropriate release package of Git LFS to download.

This JS library is no longer up-to-date, and the upstream project
does not appear to be actively maintained.  It also provides a lot
of additional client detection capabilities which the Git LFS home page
does not require.

We can simplify our home page to instead perform a basic form of
OS detection using the same technique as the session.js library,
namely a search for the specific strings "Mac" or "Linux" in the
navigator.platform variable.  While this variable's use is deprecated
in current JavaScript documentation, it remains the most straightforward
way of performing the basic and limited OS detection we require.
See, for reference:

https://developer.mozilla.org/en-US/docs/Web/API/Navigator/platform
https://developer.chrome.com/en/docs/privacy-sandbox/user-agent/

In future we may choose to replace this with another approach,
such as the User-Agent Client Hints API, but this is not yet supported
by some major Web clients:

https://developer.mozilla.org/en-US/docs/Web/API/WorkerNavigator/userAgentData

Both the legacy version of the session.js library and the most
recent update to that library (from 2019) pass the "navigator" object
to the library's session_fetch() function, which calls the library's
search() function to set the "os" variable we check, passing an internal
"data.os" array containing the possible OS types and their identifying
strings.  The search() function then tests for a match with one of these
array elements, and in the case of the two checks we perform (for MacOS
and Linux) this is just a search for a given string ("Mac" or "Linux")
in the string returned by navigator.platform.

Thus we can just perform these simple checks ourselves, which will
suffice for our purposes, and avoid the need to use a legacy JS library
entirely.

We can remove the executable file permissions from a static file
which does not contain a command-line script or program.
@chrisd8088 chrisd8088 requested a review from a team October 25, 2023 04:15
@chrisd8088 chrisd8088 merged commit c334d4e into main Oct 25, 2023
@chrisd8088 chrisd8088 deleted the update-jquery branch October 25, 2023 16:08