summaryrefslogtreecommitdiffstats
path: root/dom/locales/en-US/chrome/security/security.properties
diff options
context:
space:
mode:
Diffstat (limited to 'dom/locales/en-US/chrome/security/security.properties')
-rw-r--r--dom/locales/en-US/chrome/security/security.properties83
1 files changed, 83 insertions, 0 deletions
diff --git a/dom/locales/en-US/chrome/security/security.properties b/dom/locales/en-US/chrome/security/security.properties
new file mode 100644
index 000000000..8b66cc265
--- /dev/null
+++ b/dom/locales/en-US/chrome/security/security.properties
@@ -0,0 +1,83 @@
+# Mixed Content Blocker
+# LOCALIZATION NOTE: "%1$S" is the URI of the blocked mixed content resource
+BlockMixedDisplayContent = Blocked loading mixed display content “%1$S”
+BlockMixedActiveContent = Blocked loading mixed active content “%1$S”
+
+# CORS
+# LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers
+CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled).
+CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http).
+CORSMissingAllowOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
+CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘%2$S’).
+CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’).
+CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’).
+CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’).
+CORSPreflightDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight channel did not succeed).
+CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Methods’).
+CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’).
+CORSMissingAllowHeaderFromPreflight=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: missing token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
+
+# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
+STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
+STSUntrustworthyConnection=Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
+STSCouldNotParseHeader=Strict-Transport-Security: The site specified a header that could not be parsed successfully.
+STSNoMaxAge=Strict-Transport-Security: The site specified a header that did not include a ‘max-age’ directive.
+STSMultipleMaxAges=Strict-Transport-Security: The site specified a header that included multiple ‘max-age’ directives.
+STSInvalidMaxAge=Strict-Transport-Security: The site specified a header that included an invalid ‘max-age’ directive.
+STSMultipleIncludeSubdomains=Strict-Transport-Security: The site specified a header that included multiple ‘includeSubDomains’ directives.
+STSInvalidIncludeSubdomains=Strict-Transport-Security: The site specified a header that included an invalid ‘includeSubDomains’ directive.
+STSCouldNotSaveState=Strict-Transport-Security: An error occurred noting the site as a Strict-Transport-Security host.
+
+# LOCALIZATION NOTE: Do not translate "Public-Key-Pins", "HPKP", "max-age", "report-uri" or "includeSubDomains"
+PKPUnknownError=Public-Key-Pins: An unknown error occurred processing the header specified by the site.
+PKPUntrustworthyConnection=Public-Key-Pins: The connection to the site is untrustworthy, so the specified header was ignored.
+PKPCouldNotParseHeader=Public-Key-Pins: The site specified a header that could not be parsed successfully.
+PKPNoMaxAge=Public-Key-Pins: The site specified a header that did not include a ‘max-age’ directive.
+PKPMultipleMaxAges=Public-Key-Pins: The site specified a header that included multiple ‘max-age’ directives.
+PKPInvalidMaxAge=Public-Key-Pins: The site specified a header that included an invalid ‘max-age’ directive.
+PKPMultipleIncludeSubdomains=Public-Key-Pins: The site specified a header that included multiple ‘includeSubDomains’ directives.
+PKPInvalidIncludeSubdomains=Public-Key-Pins: The site specified a header that included an invalid ‘includeSubDomains’ directive.
+PKPInvalidPin=Public-Key-Pins: The site specified a header that included an invalid pin.
+PKPMultipleReportURIs=Public-Key-Pins: The site specified a header that included multiple ‘report-uri’ directives.
+PKPPinsetDoesNotMatch=Public-Key-Pins: The site specified a header that did not include a matching pin.
+PKPNoBackupPin=Public-Key-Pins: The site specified a header that did not include a backup pin.
+PKPCouldNotSaveState=Public-Key-Pins: An error occurred noting the site as a Public-Key-Pins host.
+PKPRootNotBuiltIn=Public-Key-Pins: The certificate used by the site was not issued by a certificate in the default root certificate store. To prevent accidental breakage, the specified header was ignored.
+
+# LOCALIZATION NOTE: Do not translate "SHA-1"
+SHA1Sig=This site makes use of a SHA-1 Certificate; it’s recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
+InsecurePasswordsPresentOnPage=Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
+InsecureFormActionPasswordsPresent=Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.
+InsecurePasswordsPresentOnIframe=Password fields present on an insecure (http://) iframe. This is a security risk that allows user login credentials to be stolen.
+# LOCALIZATION NOTE: "%1$S" is the URI of the insecure mixed content resource
+LoadingMixedActiveContent2=Loading mixed (insecure) active content “%1$S” on a secure page
+LoadingMixedDisplayContent2=Loading mixed (insecure) display content “%1$S” on a secure page
+# LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe"
+BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
+
+# Sub-Resource Integrity
+# LOCALIZATION NOTE: Do not translate "script" or "integrity". "%1$S" is the invalid token found in the attribute.
+MalformedIntegrityHash=The script element has a malformed hash in its integrity attribute: “%1$S”. The correct format is “<hash algorithm>-<hash value>”.
+# LOCALIZATION NOTE: Do not translate "integrity"
+InvalidIntegrityLength=The hash contained in the integrity attribute has the wrong length.
+# LOCALIZATION NOTE: Do not translate "integrity"
+InvalidIntegrityBase64=The hash contained in the integrity attribute could not be decoded.
+# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the type of hash algorigthm in use (e.g. "sha256").
+IntegrityMismatch=None of the “%1$S” hashes in the integrity attribute match the content of the subresource.
+# LOCALIZATION NOTE: "%1$S" is the URI of the sub-resource that cannot be protected using SRI.
+IneligibleResource=“%1$S” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin.
+# LOCALIZATION NOTE: Do not translate "integrity". "%1$S" is the invalid hash algorithm found in the attribute.
+UnsupportedHashAlg=Unsupported hash algorithm in the integrity attribute: “%1$S”
+# LOCALIZATION NOTE: Do not translate "integrity"
+NoValidMetadata=The integrity attribute does not contain any valid metadata.
+
+# LOCALIZATION NOTE: Do not translate "RC4".
+WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure.
+
+#XCTO: nosniff
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff".
+MimeTypeMismatch=The resource from “%1$S” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not trasnlate "nosniff".
+XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”?
+
+BlockScriptWithWrongMimeType=Script from “%1$S” was blocked because of a disallowed MIME type.