# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # Mixed Content Blocker # LOCALIZATION NOTE: "%1$S" is the URI of the blocked mixed content resource BlockMixedDisplayContent = Blocked loading mixed display content “%1$S” BlockMixedActiveContent = Blocked loading mixed active content “%1$S” # CORS # LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled). CORSDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request did not succeed). CORSOriginHeaderNotAdded=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Origin’ cannot be added). CORSExternalRedirectNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request external redirect not allowed). CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http). CORSMissingAllowOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header “Access-Control-Allow-Origin” missing). CORSMultipleAllowOriginNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Multiple CORS header ‘Access-Control-Allow-Origin’ not allowed). CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header “Access-Control-Allow-Origin” does not match “%2$S”). CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’). CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header “Access-Control-Allow-Methods”). CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected “true” in CORS header “Access-Control-Allow-Credentials”). CORSPreflightDidNotSucceed2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight response did not succeed). CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token “%2$S” in CORS header “Access-Control-Allow-Methods”). CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token “%2$S” in CORS header “Access-Control-Allow-Headers”). CORSMissingAllowHeaderFromPreflight2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: header ‘%2$S’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response). # LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains" STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site. STSUntrustworthyConnection=Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored. STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully. STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a “max-age” directive. STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple “max-age” directives. STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid “max-age” directive. STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple “includeSubDomains” directives. STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid “includeSubDomains” directive. STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host. # LOCALIZATION NOTE: Do not translate "SHA-1" SHA1Sig=This site makes use of a SHA-1 Certificate; it’s recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1. InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen. InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen. InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen. # LOCALIZATION NOTE: "%1$S" is the URI of the insecure mixed content resource LoadingMixedActiveContent2=Loading mixed (insecure) active content “%1$S” on a secure page LoadingMixedDisplayContent2=Loading mixed (insecure) display content “%1$S” on a secure page LoadingMixedDisplayObjectSubrequestDeprecation=Loading mixed (insecure) content “%1$S” within a plugin on a secure page is discouraged and will be blocked soon. # LOCALIZATION NOTE: "%S" is the URI of the insecure mixed content download MixedContentBlockedDownload = Blocked downloading insecure content “%S”. # LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe" BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing. # LOCALIZATION NOTE: Do not translate "allow-top-navigation-by-user-activation", "allow-top-navigation", "sandbox" or "iframe" BothAllowTopNavigationAndUserActivationPresent=An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations. # Sub-Resource Integrity # LOCALIZATION NOTE: Do not translate "script" or "integrity". "%1$S" is the invalid token found in the attribute. MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: “%1$S”. The correct format is “-”. # LOCALIZATION NOTE: Do not translate "integrity" InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length. # LOCALIZATION NOTE: Do not translate "integrity" InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded. # LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the type of hash algorithm in use (e.g. "sha256"). IntegrityMismatch=None of the “%1$S” hashes in the integrity attribute match the content of the subresource. # LOCALIZATION NOTE: "%1$S" is the URI of the sub-resource that cannot be protected using SRI. IneligibleResource=“%1$S” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin. # LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the invalid hash algorithm found in the attribute. UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: “%1$S” # LOCALIZATION NOTE: Do not translate "integrity" NoValidMetadata=The integrity attribute does not contain any valid metadata. # LOCALIZATION NOTE: Do not translate "RC4". WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure. DeprecatedTLSVersion2=This site uses a deprecated version of TLS. Please upgrade to TLS 1.2 or 1.3. #XCTO: nosniff # LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff". MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff). # LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff". XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”? # LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff". XTCOWithMIMEValueMissing=The resource from “%1$S” was not rendered due to an unknown, incorrect or missing MIME type (X-Content-Type-Options: nosniff). BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type. # LOCALIZATION NOTE: Do not translate "importScripts()" BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”). BlockWorkerWithWrongMimeType=Loading Worker from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). BlockModuleWithWrongMimeType=Loading module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”). # LOCALIZATION NOTE: Do not translate "data: URI". BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”) BlockSubresourceRedirectToData=Redirecting to insecure data: URI not allowed (Blocked loading of: “%1$S”) BlockSubresourceFTP=Loading FTP subresource within http(s) page not allowed (Blocked loading of: “%1$S”) RestrictBrowserEvalUsage=eval() and eval-like uses are not allowed in the Parent Process or in System Contexts (Blocked usage in “%1$S”) # LOCALIZATION NOTE (BrowserUpgradeInsecureDisplayRequest): # %1$S is the browser name "brandShortName"; %2$S is the URL of the upgraded request; %1$S is the upgraded scheme. BrowserUpgradeInsecureDisplayRequest = %1$S is upgrading an insecure display request “%2$S” to use “%3$S” # LOCALIZATION NOTE (MixedContentAutoUpgrade): # %1$S is the URL of the upgraded request; %2$S is the upgraded scheme. MixedContentAutoUpgrade=Upgrading insecure display request ‘%1$S’ to use ‘%2$S’ # LOCALIZATION NOTE (RunningClearSiteDataValue): # %S is the URI of the resource whose data was cleaned up RunningClearSiteDataValue=Clear-Site-Data header forced the clean up of “%S” data. UnknownClearSiteDataValue=Clear-Site-Data header found. Unknown value “%S”. # Reporting API ReportingHeaderInvalidJSON=Reporting Header: invalid JSON value received. ReportingHeaderInvalidNameItem=Reporting Header: invalid name for group. ReportingHeaderDuplicateGroup=Reporting Header: ignoring duplicated group named “%S”. ReportingHeaderInvalidItem=Reporting Header: ignoring invalid item named “%S”. ReportingHeaderInvalidEndpoint=Reporting Header: ignoring invalid endpoint for item named “%S”. # LOCALIZATION NOTE(ReportingHeaderInvalidURLEndpoint): %1$S is the invalid URL, %2$S is the group name ReportingHeaderInvalidURLEndpoint=Reporting Header: ignoring invalid endpoint URL “%1$S” for item named “%2$S”. FeaturePolicyUnsupportedFeatureName=Feature Policy: Skipping unsupported feature name “%S”. # TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501 FeaturePolicyInvalidEmptyAllowValue= Feature Policy: Skipping empty allow list for feature: “%S”. # TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501 FeaturePolicyInvalidAllowValue=Feature Policy: Skipping unsupported allow value “%S”. # LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI. ReferrerLengthOverLimitation=HTTP Referrer header: Length is over “%1$S” bytes limit - stripping referrer header down to origin: “%2$S” # LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI. ReferrerOriginLengthOverLimitation=HTTP Referrer header: Length of origin within referrer is over “%1$S” bytes limit - removing referrer with origin “%2$S”. # X-Frame-Options # LOCALIZATION NOTE(XFrameOptionsInvalid): %1$S is the header value, %2$S is frame URI. Do not translate "X-Frame-Options". XFrameOptionsInvalid = Invalid X-Frame-Options header was found when loading “%2$S”: “%1$S” is not a valid directive. # LOCALIZATION NOTE(XFrameOptionsDeny): %1$S is the header value, %2$S is frame URI and %3$S is the parent document URI. Do not translate "X-Frame-Options". XFrameOptionsDeny=The loading of “%2$S” in a frame is denied by “X-Frame-Options“ directive set to “%1$S“. # HTTPS-Only Mode # LOCALIZATION NOTE: %1$S is the URL of the upgraded request; %2$S is the upgraded scheme. HTTPSOnlyUpgradeRequest = Upgrading insecure request “%1$S” to use “%2$S”. # LOCALIZATION NOTE: %1$S is the URL of request. HTTPSOnlyNoUpgradeException = Not upgrading insecure request “%1$S” because it is exempt. # LOCALIZATION NOTE: %1$S is the URL of the failed request; %2$S is an error-code. HTTPSOnlyFailedRequest = Upgrading insecure request “%1$S” failed. (%2$S) # LOCALIZATION NOTE: %S is the URL of the blocked request; IframeSandboxBlockedDownload = Download of “%S” was blocked because the triggering iframe has the sandbox flag set. # Sanitizer API # LOCALIZATION NOTE: Please do not localize "DocumentFragment". It's the name of an API. SanitizerRcvdNoInput = Received empty or no input. Returning an empty DocumentFragment. # LOCALIZATION NOTE: "Sanitizer" is the name of the API. Please do not localize. SanitizerOptionsDiscarded = Options for the Sanitizer constructor are not yet supported. Please note this is experimental behaviour.