diff options
Diffstat (limited to 'l10n-et/dom/chrome/security/security.properties')
-rw-r--r-- | l10n-et/dom/chrome/security/security.properties | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/l10n-et/dom/chrome/security/security.properties b/l10n-et/dom/chrome/security/security.properties new file mode 100644 index 0000000000..d6fa977bb1 --- /dev/null +++ b/l10n-et/dom/chrome/security/security.properties @@ -0,0 +1,119 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Mixed Content Blocker +# LOCALIZATION NOTE: "%1$S" is the URI of the blocked mixed content resource +BlockMixedDisplayContent = Blocked loading mixed display content "%1$S" +BlockMixedActiveContent = Blocked loading mixed active content "%1$S" + +# CORS +# LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers +CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled). +CORSDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request did not succeed). +CORSOriginHeaderNotAdded=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Origin’ cannot be added). +CORSExternalRedirectNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request external redirect not allowed). +CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http). +CORSMissingAllowOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header 'Access-Control-Allow-Origin' missing). +CORSMultipleAllowOriginNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Multiple CORS header ‘Access-Control-Allow-Origin’ not allowed). +CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header 'Access-Control-Allow-Origin' does not match '%2$S'). +CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’). +CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header 'Access-Control-Allow-Methods'). +CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'). +CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token '%2$S' in CORS header 'Access-Control-Allow-Methods'). +CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token '%2$S' in CORS header 'Access-Control-Allow-Headers'). + +# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains" +STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site. +STSUntrustworthyConnection=Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored. +STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully. +STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a 'max-age' directive. +STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple 'max-age' directives. +STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid 'max-age' directive. +STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple 'includeSubDomains' directives. +STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid 'includeSubDomains' directive. +STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host. + +# LOCALIZATION NOTE: Do not translate "SHA-1" +SHA1Sig=This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1. +InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen. +InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen. +InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen. +# LOCALIZATION NOTE: "%1$S" is the URI of the insecure mixed content resource +LoadingMixedActiveContent2=Loading mixed (insecure) active content "%1$S" on a secure page +LoadingMixedDisplayContent2=Loading mixed (insecure) display content "%1$S" on a secure page + +# LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe" +BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing. + +# Sub-Resource Integrity +# LOCALIZATION NOTE: Do not translate "script" or "integrity". "%1$S" is the invalid token found in the attribute. +MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: "%1$S". The correct format is "<hash algorithm>-<hash value>". +# LOCALIZATION NOTE: Do not translate "integrity" +InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length. +# LOCALIZATION NOTE: Do not translate "integrity" +InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded. +# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the type of hash algorithm in use (e.g. "sha256"). +IntegrityMismatch=None of the "%1$S" hashes in the integrity attribute match the content of the subresource. +# LOCALIZATION NOTE: "%1$S" is the URI of the sub-resource that cannot be protected using SRI. +IneligibleResource="%1$S" is not eligible for integrity checks since it's neither CORS-enabled nor same-origin. +# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the invalid hash algorithm found in the attribute. +UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: "%1$S" +# LOCALIZATION NOTE: Do not translate "integrity" +NoValidMetadata=The integrity attribute does not contain any valid metadata. + +# LOCALIZATION NOTE: Do not translate "RC4". +WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure. + +#XCTO: nosniff +# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff". +MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff). +# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff". +XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”? + +# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff". +XTCOWithMIMEValueMissing=The resource from “%1$S” was not rendered due to an unknown, incorrect or missing MIME type (X-Content-Type-Options: nosniff). + +BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). +WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type. +# LOCALIZATION NOTE: Do not translate "importScripts()" +BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”). +BlockWorkerWithWrongMimeType=Loading Worker from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). +BlockModuleWithWrongMimeType=Loading module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). + +# LOCALIZATION NOTE: Do not translate "data: URI". +BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”) +BlockSubresourceRedirectToData=Redirecting to insecure data: URI not allowed (Blocked loading of: “%1$S”) + +BlockSubresourceFTP=Loading FTP subresource within http(s) page not allowed (Blocked loading of: “%1$S”) + +RestrictBrowserEvalUsage=eval() and eval-like uses are not allowed in the Parent Process or in System Contexts (Blocked usage in “%1$S”) + +# LOCALIZATION NOTE (BrowserUpgradeInsecureDisplayRequest): +# %1$S is the browser name "brandShortName"; %2$S is the URL of the upgraded request; %1$S is the upgraded scheme. +BrowserUpgradeInsecureDisplayRequest = %1$S is upgrading an insecure display request ‘%2$S’ to use ‘%3$S’ +# LOCALIZATION NOTE (RunningClearSiteDataValue): +# %S is the URI of the resource whose data was cleaned up +RunningClearSiteDataValue=Clear-Site-Data header forced the clean up of “%S” data. +UnknownClearSiteDataValue=Clear-Site-Data header found. Unknown value “%S”. + +# Reporting API +ReportingHeaderInvalidJSON=Reporting Header: invalid JSON value received. +ReportingHeaderInvalidNameItem=Reporting Header: invalid name for group. +ReportingHeaderDuplicateGroup=Reporting Header: ignoring duplicated group named “%S”. +ReportingHeaderInvalidItem=Reporting Header: ignoring invalid item named “%S”. +ReportingHeaderInvalidEndpoint=Reporting Header: ignoring invalid endpoint for item named “%S”. +# LOCALIZATION NOTE(ReportingHeaderInvalidURLEndpoint): %1$S is the invalid URL, %2$S is the group name +ReportingHeaderInvalidURLEndpoint=Reporting Header: ignoring invalid endpoint URL “%1$S” for item named “%2$S”. + +FeaturePolicyUnsupportedFeatureName=Feature Policy: Skipping unsupported feature name “%S”. +# TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501 +FeaturePolicyInvalidEmptyAllowValue= Feature Policy: Skipping empty allow list for feature: “%S”. +# TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501 +FeaturePolicyInvalidAllowValue=Feature Policy: Skipping unsupported allow value “%S”. + +# LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI. +ReferrerLengthOverLimitation=HTTP Referrer header: Length is over “%1$S” bytes limit - stripping referrer header down to origin: “%2$S” +# LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI. +ReferrerOriginLengthOverLimitation=HTTP Referrer header: Length of origin within referrer is over “%1$S” bytes limit - removing referrer with origin “%2$S”. + |