From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001 From: "Matt A. Tobin" Date: Fri, 2 Feb 2018 04:16:08 -0500 Subject: Add m-esr52 at 52.6.0 --- dom/locales/en-US/chrome/security/caps.properties | 112 ++++++++++++++++++++ dom/locales/en-US/chrome/security/csp.properties | 116 +++++++++++++++++++++ .../en-US/chrome/security/security.properties | 83 +++++++++++++++ 3 files changed, 311 insertions(+) create mode 100644 dom/locales/en-US/chrome/security/caps.properties create mode 100644 dom/locales/en-US/chrome/security/csp.properties create mode 100644 dom/locales/en-US/chrome/security/security.properties (limited to 'dom/locales/en-US/chrome/security') diff --git a/dom/locales/en-US/chrome/security/caps.properties b/dom/locales/en-US/chrome/security/caps.properties new file mode 100644 index 000000000..22b1f963e --- /dev/null +++ b/dom/locales/en-US/chrome/security/caps.properties @@ -0,0 +1,112 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CheckLoadURIError = Security Error: Content at %S may not load or link to %S. +CheckSameOriginError = Security Error: Content at %S may not load data from %S. +ExternalDataError = Security Error: Content at %S attempted to load %S, but may not load external data when being used as an image. + +# LOCALIZATION NOTE (GetPropertyDeniedOrigins): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +GetPropertyDeniedOrigins = Permission denied for <%1$S> to get property %2$S.%3$S from <%4$S>. +# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the script which was denied access; +# don't translate "document.domain". +GetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain has not been set). +# LOCALIZATION NOTE (GetPropertyDeniedOriginsObjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the object being accessed; +# don't translate "document.domain". +GetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to get property %2$S.%3$S from <%4$S> (document.domain=<%5$S>). +# LOCALIZATION NOTE (GetPropertyDeniedOriginsSubjectDomainObjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the script which was denied access; +# don't translate "document.domain" +# %6$S is the value of document.domain for the object being accessed; +# don't translate "document.domain". +GetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to get property %2$S.%3$S from <%4$S> (document.domain=<%6$S>). + +# LOCALIZATION NOTE (SetPropertyDeniedOrigins): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +SetPropertyDeniedOrigins = Permission denied for <%1$S> to set property %2$S.%3$S on <%4$S>. +# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the script which was denied access; +# don't translate "document.domain". +SetPropertyDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain has not been set). +# LOCALIZATION NOTE (SetPropertyDeniedOriginsObjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the object being accessed; +# don't translate "document.domain". +SetPropertyDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to set property %2$S.%3$S on <%4$S> (document.domain=<%5$S>). +# LOCALIZATION NOTE (SetPropertyDeniedOriginsSubjectDomainObjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the property of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the script which was denied access; +# don't translate "document.domain" +# %6$S is the value of document.domain for the object being accessed; +# don't translate "document.domain". +SetPropertyDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to set property %2$S.%3$S on <%4$S> (document.domain=<%6$S>). + +# LOCALIZATION NOTE (CallMethodDeniedOrigins): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the method of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +CallMethodDeniedOrigins = Permission denied for <%1$S> to call method %2$S.%3$S on <%4$S>. +# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the method of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the script which was denied access; +# don't translate "document.domain". +CallMethodDeniedOriginsSubjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain has not been set). +# LOCALIZATION NOTE (CallMethodDeniedOriginsObjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the method of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the object being accessed; +# don't translate "document.domain". +CallMethodDeniedOriginsObjectDomain = Permission denied for <%1$S> (document.domain has not been set) to call method %2$S.%3$S on <%4$S> (document.domain=<%5$S>). +# LOCALIZATION NOTE (CallMethodDeniedOriginsSubjectDomainObjectDomain): +# %1$S is the origin of the script which was denied access. +# %2$S is the type of object it was. +# %3$S is the method of that object that access was denied for. +# %4$S is the origin of the object access was denied to. +# %5$S is the value of document.domain for the script which was denied access; +# don't translate "document.domain" +# %6$S is the value of document.domain for the object being accessed; +# don't translate "document.domain". +CallMethodDeniedOriginsSubjectDomainObjectDomain = Permission denied for <%1$S> (document.domain=<%5$S>) to call method %2$S.%3$S on <%4$S> (document.domain=<%6$S>). + +GetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to get property %S.%S +SetPropertyDeniedOriginsOnlySubject = Permission denied for <%S> to set property %S.%S +CallMethodDeniedOriginsOnlySubject = Permission denied for <%S> to call method %S.%S +CreateWrapperDenied = Permission denied to create wrapper for object of class %S +CreateWrapperDeniedForOrigin = Permission denied for <%2$S> to create wrapper for object of class %1$S +ProtocolFlagError = Warning: Protocol handler for ‘%S’ doesn’t advertise a security policy. While loading of such protocols is allowed for now, this is deprecated. Please see the documentation in nsIProtocolHandler.idl. diff --git a/dom/locales/en-US/chrome/security/csp.properties b/dom/locales/en-US/chrome/security/csp.properties new file mode 100644 index 000000000..fc7fc04ba --- /dev/null +++ b/dom/locales/en-US/chrome/security/csp.properties @@ -0,0 +1,116 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# CSP Warnings: +# LOCALIZATION NOTE (CSPViolation): +# %1$S is the reason why the resource has not been loaded. +CSPViolation = The page’s settings blocked the loading of a resource: %1$S +# LOCALIZATION NOTE (CSPViolationWithURI): +# %1$S is the directive that has been violated. +# %2$S is the URI of the resource which violated the directive. +CSPViolationWithURI = The page’s settings blocked the loading of a resource at %2$S (“%1$S”). +# LOCALIZATION NOTE (CSPROViolation): +# %1$S is the reason why the resource has not been loaded. +CSPROViolation = A violation occurred for a report-only CSP policy (“%1$S”). The behavior was allowed, and a CSP report was sent. +# LOCALIZATION NOTE (CSPROViolationWithURI): +# %1$S is the directive that has been violated. +# %2$S is the URI of the resource which violated the directive. +CSPROViolationWithURI = The page’s settings observed the loading of a resource at %2$S (“%1$S”). A CSP report is being sent. +# LOCALIZATION NOTE (triedToSendReport): +# %1$S is the URI we attempted to send a report to. +triedToSendReport = Tried to send report to invalid URI: “%1$S” +# LOCALIZATION NOTE (couldNotParseReportURI): +# %1$S is the report URI that could not be parsed +couldNotParseReportURI = couldn’t parse report URI: %1$S +# LOCALIZATION NOTE (couldNotProcessUnknownDirective): +# %1$S is the unknown directive +couldNotProcessUnknownDirective = Couldn’t process unknown directive ‘%1$S’ +# LOCALIZATION NOTE (ignoringUnknownOption): +# %1$S is the option that could not be understood +ignoringUnknownOption = Ignoring unknown option %1$S +# LOCALIZATION NOTE (ignoringDuplicateSrc): +# %1$S defines the duplicate src +ignoringDuplicateSrc = Ignoring duplicate source %1$S +# LOCALIZATION NOTE (ignoringSrcFromMetaCSP): +# %1$S defines the ignored src +ignoringSrcFromMetaCSP = Ignoring source ‘%1$S’ (Not supported when delivered via meta element). +# LOCALIZATION NOTE (ignoringSrcWithinScriptStyleSrc): +# %1$S is the ignored src +# script-src and style-src are directive names and should not be localized +ignoringSrcWithinScriptStyleSrc = Ignoring “%1$S” within script-src or style-src: nonce-source or hash-source specified +# LOCALIZATION NOTE (ignoringSrcForStrictDynamic): +# %1$S is the ignored src +# script-src, as well as 'strict-dynamic' should not be localized +ignoringSrcForStrictDynamic = Ignoring “%1$S” within script-src: ‘strict-dynamic’ specified +# LOCALIZATION NOTE (ignoringStrictDynamic): +# %1$S is the ignored src +ignoringStrictDynamic = Ignoring source “%1$S” (Only supported within script-src). +# LOCALIZATION NOTE (strictDynamicButNoHashOrNonce): +# %1$S is the csp directive that contains 'strict-dynamic' +# 'strict-dynamic' should not be localized +strictDynamicButNoHashOrNonce = Keyword ‘strict-dynamic’ within “%1$S” with no valid nonce or hash might block all scripts from loading +# LOCALIZATION NOTE (reportURInotHttpsOrHttp2): +# %1$S is the ETLD of the report URI that is not HTTP or HTTPS +reportURInotHttpsOrHttp2 = The report URI (%1$S) should be an HTTP or HTTPS URI. +# LOCALIZATION NOTE (reportURInotInReportOnlyHeader): +# %1$S is the ETLD of the page with the policy +reportURInotInReportOnlyHeader = This site (%1$S) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy. +# LOCALIZATION NOTE (failedToParseUnrecognizedSource): +# %1$S is the CSP Source that could not be parsed +failedToParseUnrecognizedSource = Failed to parse unrecognized source %1$S +# LOCALIZATION NOTE (inlineScriptBlocked): +# inline script refers to JavaScript code that is embedded into the HTML document. +inlineScriptBlocked = An attempt to execute inline scripts has been blocked +# LOCALIZATION NOTE (inlineStyleBlocked): +# inline style refers to CSS code that is embedded into the HTML document. +inlineStyleBlocked = An attempt to apply inline style sheets has been blocked +# LOCALIZATION NOTE (scriptFromStringBlocked): +# eval is a name and should not be localized. +scriptFromStringBlocked = An attempt to call JavaScript from a string (by calling a function like eval) has been blocked +# LOCALIZATION NOTE (upgradeInsecureRequest): +# %1$S is the URL of the upgraded request; %2$S is the upgraded scheme. +upgradeInsecureRequest = Upgrading insecure request ‘%1$S’ to use ‘%2$S’ +# LOCALIZATION NOTE (ignoreSrcForDirective): +ignoreSrcForDirective = Ignoring srcs for directive ‘%1$S’ +# LOCALIZATION NOTE (hostNameMightBeKeyword): +# %1$S is the hostname in question and %2$S is the keyword +hostNameMightBeKeyword = Interpreting %1$S as a hostname, not a keyword. If you intended this to be a keyword, use ‘%2$S’ (wrapped in single quotes). +# LOCALIZATION NOTE (notSupportingDirective): +# directive is not supported (e.g. 'reflected-xss') +notSupportingDirective = Not supporting directive ‘%1$S’. Directive and values will be ignored. +# LOCALIZATION NOTE (blockAllMixedContent): +# %1$S is the URL of the blocked resource load. +blockAllMixedContent = Blocking insecure request ‘%1$S’. +# LOCALIZATION NOTE (ignoringDirectiveWithNoValues): +# %1$S is the name of a CSP directive that requires additional values (e.g., 'require-sri-for') +ignoringDirectiveWithNoValues = Ignoring ‘%1$S’ since it does not contain any parameters. +# LOCALIZATION NOTE (ignoringReportOnlyDirective): +# %1$S is the directive that is ignored in report-only mode. +ignoringReportOnlyDirective = Ignoring sandbox directive when delivered in a report-only policy ‘%1$S’ +# LOCALIZATION NOTE (deprecatedReferrerDirective): +# %1$S is the value of the deprecated Referrer Directive. +deprecatedReferrerDirective = Referrer Directive ‘%1$S’ has been deprecated. Please use the Referrer-Policy header instead. + +# CSP Errors: +# LOCALIZATION NOTE (couldntParseInvalidSource): +# %1$S is the source that could not be parsed +couldntParseInvalidSource = Couldn’t parse invalid source %1$S +# LOCALIZATION NOTE (couldntParseInvalidHost): +# %1$S is the host that's invalid +couldntParseInvalidHost = Couldn’t parse invalid host %1$S +# LOCALIZATION NOTE (couldntParseScheme): +# %1$S is the string source +couldntParseScheme = Couldn’t parse scheme in %1$S +# LOCALIZATION NOTE (couldntParsePort): +# %1$S is the string source +couldntParsePort = Couldn’t parse port in %1$S +# LOCALIZATION NOTE (duplicateDirective): +# %1$S is the name of the duplicate directive +duplicateDirective = Duplicate %1$S directives detected. All but the first instance will be ignored. +# LOCALIZATION NOTE (deprecatedDirective): +# %1$S is the name of the deprecated directive, %2$S is the name of the replacement. +deprecatedDirective = Directive ‘%1$S’ has been deprecated. Please use directive ‘%2$S’ instead. +# LOCALIZATION NOTE (couldntParseInvalidSandboxFlag): +# %1$S is the option that could not be understood +couldntParseInvalidSandboxFlag = Couldn’t parse invalid sandbox flag ‘%1$S’ diff --git a/dom/locales/en-US/chrome/security/security.properties b/dom/locales/en-US/chrome/security/security.properties new file mode 100644 index 000000000..8b66cc265 --- /dev/null +++ b/dom/locales/en-US/chrome/security/security.properties @@ -0,0 +1,83 @@ +# Mixed Content Blocker +# LOCALIZATION NOTE: "%1$S" is the URI of the blocked mixed content resource +BlockMixedDisplayContent = Blocked loading mixed display content “%1$S” +BlockMixedActiveContent = Blocked loading mixed active content “%1$S” + +# CORS +# LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers +CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled). +CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http). +CORSMissingAllowOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). +CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘%2$S’). +CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’). +CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’). +CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’). +CORSPreflightDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight channel did not succeed). +CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Methods’). +CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’). +CORSMissingAllowHeaderFromPreflight=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: missing token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel). + +# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains" +STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site. +STSUntrustworthyConnection=Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored. +STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully. +STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a ‘max-age’ directive. +STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple ‘max-age’ directives. +STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid ‘max-age’ directive. +STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple ‘includeSubDomains’ directives. +STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid ‘includeSubDomains’ directive. +STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host. + +# LOCALIZATION NOTE: Do not translate "Public-Key-Pins", "HPKP", "max-age", "report-uri" or "includeSubDomains" +PKPUnknownError=Public-Key-Pins: An unknown error occurred processing the header specified by the site. +PKPUntrustworthyConnection=Public-Key-Pins: The connection to the site is untrustworthy, so the specified header was ignored. +PKPCouldNotParseHeader=Public-Key-Pins: The site specified a header that could not be parsed successfully. +PKPNoMaxAge=Public-Key-Pins: The site specified a header that did not include a ‘max-age’ directive. +PKPMultipleMaxAges=Public-Key-Pins: The site specified a header that included multiple ‘max-age’ directives. +PKPInvalidMaxAge=Public-Key-Pins: The site specified a header that included an invalid ‘max-age’ directive. +PKPMultipleIncludeSubdomains=Public-Key-Pins: The site specified a header that included multiple ‘includeSubDomains’ directives. +PKPInvalidIncludeSubdomains=Public-Key-Pins: The site specified a header that included an invalid ‘includeSubDomains’ directive. +PKPInvalidPin=Public-Key-Pins: The site specified a header that included an invalid pin. +PKPMultipleReportURIs=Public-Key-Pins: The site specified a header that included multiple ‘report-uri’ directives. +PKPPinsetDoesNotMatch=Public-Key-Pins: The site specified a header that did not include a matching pin. +PKPNoBackupPin=Public-Key-Pins: The site specified a header that did not include a backup pin. +PKPCouldNotSaveState=Public-Key-Pins: An error occurred noting the site as a Public-Key-Pins host. +PKPRootNotBuiltIn=Public-Key-Pins: The certificate used by the site was not issued by a certificate in the default root certificate store. To prevent accidental breakage, the specified header was ignored. + +# LOCALIZATION NOTE: Do not translate "SHA-1" +SHA1Sig=This site makes use of a SHA-1 Certificate; it’s recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1. +InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen. +InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen. +InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen. +# LOCALIZATION NOTE: "%1$S" is the URI of the insecure mixed content resource +LoadingMixedActiveContent2=Loading mixed (insecure) active content “%1$S” on a secure page +LoadingMixedDisplayContent2=Loading mixed (insecure) display content “%1$S” on a secure page +# LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe" +BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing. + +# Sub-Resource Integrity +# LOCALIZATION NOTE: Do not translate "script" or "integrity". "%1$S" is the invalid token found in the attribute. +MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: “%1$S”. The correct format is “-”. +# LOCALIZATION NOTE: Do not translate "integrity" +InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length. +# LOCALIZATION NOTE: Do not translate "integrity" +InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded. +# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the type of hash algorigthm in use (e.g. "sha256"). +IntegrityMismatch=None of the “%1$S” hashes in the integrity attribute match the content of the subresource. +# LOCALIZATION NOTE: "%1$S" is the URI of the sub-resource that cannot be protected using SRI. +IneligibleResource=“%1$S” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin. +# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the invalid hash algorithm found in the attribute. +UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: “%1$S” +# LOCALIZATION NOTE: Do not translate "integrity" +NoValidMetadata=The integrity attribute does not contain any valid metadata. + +# LOCALIZATION NOTE: Do not translate "RC4". +WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure. + +#XCTO: nosniff +# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff". +MimeTypeMismatch=The resource from “%1$S” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). +# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not trasnlate "nosniff". +XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”? + +BlockScriptWithWrongMimeType=Script from “%1$S” was blocked because of a disallowed MIME type. -- cgit v1.2.3