1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Mixed Content Blocker
# LOCALIZATION NOTE: "%1$S" is the URI of the blocked mixed content resource
BlockMixedDisplayContent = Blocked loading mixed display content “%1$S”
BlockMixedActiveContent = Blocked loading mixed active content “%1$S”
# CORS
# LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers
CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled).
CORSDidNotSucceed2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request did not succeed). Status code: %2$S.
CORSOriginHeaderNotAdded=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Origin’ cannot be added).
CORSExternalRedirectNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request external redirect not allowed).
CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http).
CORSMissingAllowOrigin2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: %2$S.
CORSMultipleAllowOriginNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Multiple CORS header ‘Access-Control-Allow-Origin’ not allowed).
CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header “Access-Control-Allow-Origin” does not match “%2$S”).
CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’).
CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header “Access-Control-Allow-Methods”).
CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected “true” in CORS header “Access-Control-Allow-Credentials”).
CORSPreflightDidNotSucceed3=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight response did not succeed). Status code: %2$S.
CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token “%2$S” in CORS header “Access-Control-Allow-Methods”).
CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token “%2$S” in CORS header “Access-Control-Allow-Headers”).
CORSMissingAllowHeaderFromPreflight2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: header ‘%2$S’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
CORSAllowHeaderFromPreflightDeprecation=Cross-Origin Request Warning: The Same Origin Policy will disallow reading the remote resource at %1$S soon. (Reason: When the `Access-Control-Allow-Headers` is `*`, the `Authorization` header is not covered. To include the `Authorization` header, it must be explicitly listed in CORS header `Access-Control-Allow-Headers`).
# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully.
STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a “max-age” directive.
STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple “max-age” directives.
STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid “max-age” directive.
STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple “includeSubDomains” directives.
STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid “includeSubDomains” directive.
STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host.
InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.
InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen.
# LOCALIZATION NOTE: "%1$S" is the URI of the insecure mixed content resource
LoadingMixedActiveContent2=Loading mixed (insecure) active content “%1$S” on a secure page
LoadingMixedDisplayContent2=Loading mixed (insecure) display content “%1$S” on a secure page
LoadingMixedDisplayObjectSubrequestDeprecation=Loading mixed (insecure) content “%1$S” within a plugin on a secure page is discouraged and will be blocked soon.
# LOCALIZATION NOTE: "%S" is the URI of the insecure mixed content download
MixedContentBlockedDownload = Blocked downloading insecure content “%S”.
# LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe"
BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
# LOCALIZATION NOTE: Do not translate "allow-top-navigation-by-user-activation", "allow-top-navigation", "sandbox" or "iframe"
BothAllowTopNavigationAndUserActivationPresent=An iframe which has both allow-top-navigation and allow-top-navigation-by-user-activation for its sandbox attribute will permit top navigations.
# Sub-Resource Integrity
# LOCALIZATION NOTE: Do not translate "script" or "integrity". "%1$S" is the invalid token found in the attribute.
MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: “%1$S”. The correct format is “<hash algorithm>-<hash value>”.
# LOCALIZATION NOTE: Do not translate "integrity"
InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length.
# LOCALIZATION NOTE: Do not translate "integrity"
InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded.
# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the type of hash algorithm in use (e.g. "sha256"). "%2$S" is the value we saw.
IntegrityMismatch2=None of the “%1$S” hashes in the integrity attribute match the content of the subresource. The computed hash is “%2$S”.
# LOCALIZATION NOTE: "%1$S" is the URI of the sub-resource that cannot be protected using SRI.
IneligibleResource=“%1$S” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin.
# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the invalid hash algorithm found in the attribute.
UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: “%1$S”
# LOCALIZATION NOTE: Do not translate "integrity"
NoValidMetadata=The integrity attribute does not contain any valid metadata.
# LOCALIZATION NOTE: Do not translate "RC4".
WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure.
DeprecatedTLSVersion2=This site uses a deprecated version of TLS. Please upgrade to TLS 1.2 or 1.3.
#XCTO: nosniff
# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff".
MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff).
# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff".
XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”?
# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff".
XTCOWithMIMEValueMissing=The resource from “%1$S” was not rendered due to an unknown, incorrect or missing MIME type (X-Content-Type-Options: nosniff).
BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type.
# LOCALIZATION NOTE: Do not translate "importScripts()"
BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”).
BlockWorkerWithWrongMimeType=Loading Worker from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
BlockModuleWithWrongMimeType=Loading module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
# LOCALIZATION NOTE: Do not translate "data: URI".
BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”)
BlockRedirectToDataURI=Redirecting to data: URI not allowed (Blocked loading of: “%1$S”)
# LOCALIZATION NOTE: Do not translate "file: URI". “%1$S” is the whole URI of the loaded file. “%2$S” is the MIME type e.g. "text/plain".
BlockFileScriptWithWrongMimeType=Loading script from file: URI (“%1$S”) was blocked because its MIME type (“%2$S”) is not a valid JavaScript MIME type.
# LOCALIZATION NOTE: “%S” is the whole URI of the loaded file.
BlockExtensionScriptWithWrongExt=Loading script with URI “%S” was blocked because the file extension is not allowed.
RestrictBrowserEvalUsage=eval() and eval-like uses are not allowed in the Parent Process or in System Contexts (Blocked usage in “%1$S”)
# LOCALIZATION NOTE (MixedContentAutoUpgrade):
# %1$S is the URL of the upgraded request; %2$S is the upgraded scheme.
MixedContentAutoUpgrade=Upgrading insecure display request ‘%1$S’ to use ‘%2$S’
# LOCALIZATION NOTE (RunningClearSiteDataValue):
# %S is the URI of the resource whose data was cleaned up
RunningClearSiteDataValue=Clear-Site-Data header forced the clean up of “%S” data.
UnknownClearSiteDataValue=Clear-Site-Data header found. Unknown value “%S”.
# Reporting API
ReportingHeaderInvalidJSON=Reporting Header: invalid JSON value received.
ReportingHeaderInvalidNameItem=Reporting Header: invalid name for group.
ReportingHeaderDuplicateGroup=Reporting Header: ignoring duplicated group named “%S”.
ReportingHeaderInvalidItem=Reporting Header: ignoring invalid item named “%S”.
ReportingHeaderInvalidEndpoint=Reporting Header: ignoring invalid endpoint for item named “%S”.
# LOCALIZATION NOTE(ReportingHeaderInvalidURLEndpoint): %1$S is the invalid URL, %2$S is the group name
ReportingHeaderInvalidURLEndpoint=Reporting Header: ignoring invalid endpoint URL “%1$S” for item named “%2$S”.
FeaturePolicyUnsupportedFeatureName=Feature Policy: Skipping unsupported feature name “%S”.
# TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501
FeaturePolicyInvalidEmptyAllowValue= Feature Policy: Skipping empty allow list for feature: “%S”.
# TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501
FeaturePolicyInvalidAllowValue=Feature Policy: Skipping unsupported allow value “%S”.
# LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI.
ReferrerLengthOverLimitation=HTTP Referrer header: Length is over “%1$S” bytes limit - stripping referrer header down to origin: “%2$S”
# LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI.
ReferrerOriginLengthOverLimitation=HTTP Referrer header: Length of origin within referrer is over “%1$S” bytes limit - removing referrer with origin “%2$S”.
# LOCALIZATION NOTE: Do not translate "no-referrer-when-downgrade", "origin-when-cross-origin" and "unsafe-url". %S is the URI of the loading channel.
ReferrerPolicyDisallowRelaxingWarning=Referrer Policy: Less restricted policies, including ‘no-referrer-when-downgrade’, ‘origin-when-cross-origin’ and ‘unsafe-url’, will be ignored soon for the cross-site request: %S
# LOCALIZATION NOTE: %1$S is the ignored referrer policy, %2$S is the URI of the loading channel.
ReferrerPolicyDisallowRelaxingMessage=Referrer Policy: Ignoring the less restricted referrer policy “%1$S” for the cross-site request: %2$S
# X-Frame-Options
# LOCALIZATION NOTE(XFrameOptionsInvalid): %1$S is the header value, %2$S is frame URI. Do not translate "X-Frame-Options".
XFrameOptionsInvalid = Invalid X-Frame-Options header was found when loading “%2$S”: “%1$S” is not a valid directive.
# LOCALIZATION NOTE(XFrameOptionsDeny): %1$S is the header value, %2$S is frame URI and %3$S is the parent document URI. Do not translate "X-Frame-Options".
XFrameOptionsDeny=The loading of “%2$S” in a frame is denied by “X-Frame-Options“ directive set to “%1$S“.
# HTTPS-Only Mode
# LOCALIZATION NOTE: %1$S is the URL of the upgraded request; %2$S is the upgraded scheme.
HTTPSOnlyUpgradeRequest = Upgrading insecure request “%1$S” to use “%2$S”.
# LOCALIZATION NOTE: %1$S is the URL of request.
HTTPSOnlyNoUpgradeException = Not upgrading insecure request “%1$S” because it is exempt.
# LOCALIZATION NOTE: %1$S is the URL of the failed request; %2$S is an error-code.
HTTPSOnlyFailedRequest = Upgrading insecure request “%1$S” failed. (%2$S)
# LOCALIZATION NOTE: %S is the URL of the failed request;
HTTPSOnlyFailedDowngradeAgain = Upgrading insecure request “%S” failed. Downgrading to “http” again.
# LOCALIZATION NOTE: Hints or indicates a new transaction for a URL is likely coming soon. We use
# a speculative connection to start a TCP connection so that the resource is immediately ready
# when the transaction is actually submitted. HTTPS-Only and HTTPS-First will upgrade such
# speculative TCP connections from http to https.
# %1$S is the URL of the upgraded speculative TCP connection; %2$S is the upgraded scheme.
HTTPSOnlyUpgradeSpeculativeConnection = Upgrading insecure speculative TCP connection “%1$S” to use “%2$S”.
HTTPSFirstSchemeless = Upgrading URL loaded in the address bar without explicit protocol scheme to use HTTPS.
# LOCALIZATION NOTE: %S is the hostname for which a exception will be added;
HTTPSFirstAddingSessionException = Website does not appear to support HTTPS. Further attempts to load “http://%S” securely will be skipped temporarily.
# LOCALIZATION NOTE: %S is the URL of the blocked request;
IframeSandboxBlockedDownload = Download of “%S” was blocked because the triggering iframe has the sandbox flag set.
# LOCALIZATION NOTE: %S is the URL of the blocked request;
SandboxBlockedCustomProtocols = Blocked navigation to custom protocol “%S” from a sandboxed context.
# Sanitizer API
# LOCALIZATION NOTE: Please do not localize "DocumentFragment". It's the name of an API.
SanitizerRcvdNoInput = Received empty or no input. Returning an empty DocumentFragment.
|