tor-browser

csp.properties (18423B)

---

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# CSP Warnings:

# LOCALIZATION NOTE (CSPInlineStyleViolation):
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. style-src-elem)
# %3$S is a SHA256 hash string.
# Don't translate anything inside ''
CSPInlineStyleViolation2 = The page’s settings blocked an inline style (%2$S) from being applied because it violates the following directive: “%1$S”. Consider using a hash ('sha256-%3$S', requires 'unsafe-hashes' for style attributes) or a nonce.
# LOCALIZATION NOTE (CSPROInlineStyleViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. style-src-elem)
# %3$S is a SHA256 hash string.
# Don't translate anything inside ''
CSPROInlineStyleViolation2 = (Report-Only policy) The page’s settings would block an inline style (%2$S) from being applied because it violates the following directive: “%1$S”. Consider using a hash ('sha256-%3$S', requires 'unsafe-hashes' for style attributes) or a nonce.
# LOCALIZATION NOTE (CSPInlineScriptViolation):
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src-elem)
# %3$S is a SHA256 hash string.
# Don't translate anything inside ''
CSPInlineScriptViolation2 = The page’s settings blocked an inline script (%2$S) from being executed because it violates the following directive: “%1$S”. Consider using a hash ('sha256-%3$S') or a nonce.
# LOCALIZATION NOTE (CSPROInlineScriptViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src-elem)
# %3$S is a SHA256 hash string.
# Don't translate anything inside ''
CSPROInlineScriptViolation2 = (Report-Only policy) The page’s settings would block an inline script (%2$S) from being executed because it violates the following directive: “%1$S”. Consider using a hash ('sha256-%3$S') or a nonce.
# LOCALIZATION NOTE (CSPEventHandlerScriptViolation):
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src-attr)
# %3$S is a SHA256 hash string.
# Don't translate anything inside ''
CSPEventHandlerScriptViolation2 = The page’s settings blocked an event handler (%2$S) from being executed because it violates the following directive: “%1$S”. Consider using a hash ('sha256-%3$S') together with 'unsafe-hashes'.
# LOCALIZATION NOTE (CSPROEventHandlerScriptViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src-attr)
# %3$S is a SHA256 hash string.
# Don't translate anything inside ''
CSPROEventHandlerScriptViolation2 = (Report-Only policy) The page’s settings would block an event handler (%2$S) from being executed because it violates the following directive: “%1$S”. Consider using a hash ('sha256-%3$S') together with 'unsafe-hashes'.
# LOCALIZATION NOTE (CSPEvalScriptViolation):
# Don't translate/change "'unsafe-eval'", including the single quote.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src)
CSPEvalScriptViolation = The page’s settings blocked a JavaScript eval (%2$S) from being executed because it violates the following directive: “%1$S” (Missing 'unsafe-eval')
# LOCALIZATION NOTE (CSPROEvalScriptViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# Don't translate/change "'unsafe-eval'", including the single quote.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src)
CSPROEvalScriptViolation = (Report-Only policy) The page’s settings would block a JavaScript eval (%2$S) from being executed because it violates the following directive: “%1$S” (Missing 'unsafe-eval')
# LOCALIZATION NOTE (CSPWasmEvalScriptViolation):
# WebAssembly is a feature name.
# Don't translate/change "'wasm-unsafe-eval'" or "'unsafe-eval'", including the single quote.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src)
CSPWasmEvalScriptViolation = The page’s settings blocked WebAssembly (%2$S) from being executed because it violates the following directive: “%1$S” (Missing 'wasm-unsafe-eval' or 'unsafe-eval')
# LOCALIZATION NOTE (CSPROWasmEvalScriptViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# WebAssembly is a feature name.
# Don't translate/change "'wasm-unsafe-eval'" or "'unsafe-eval'", including the single quote.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the type of directive used by the resource (e.g. script-src)
CSPROWasmEvalScriptViolation = (Report-Only policy) The page’s settings would block WebAssembly (%2$S) from being executed because it violates the following directive: “%1$S” (Missing 'wasm-unsafe-eval' or 'unsafe-eval')
# LOCALIZATION NOTE (CSPTrustedTypesPolicyViolation):
# Don't translate "Trusted Types" because it's a feature name.
# %1$S is the entire directive (name and value) that has been violated (e.g. "trusted types X").
CSPTrustedTypesPolicyViolation = The page’s settings blocked creating a Trusted Types policy because it violates the following directive: “%1$S“
# LOCALIZATION_NOTE (CSPROTrustedTypesPolicyViolation):
# Don't translate "Trusted Types" because it's a feature name.
# %1$S is the entire directive (name and value) that has been violated (e.g. "trusted types X").
CSPROTrustedTypesPolicyViolation = (Report-Only policy) The page’s settings would block creating a Trusted Types policy because it violates the following directive: “%1$S“
# LOCALIZATION NOTE (CSPTrustedTypesSinkViolation):
# Don't translate "require-trusted-types-for 'script'", because it's the CSP directive.
CSPTrustedTypesSinkViolation = The page’s settings blocked assigning to an injection sink because it violates the following directive: “require-trusted-types-for ’script’“
# LOCALIZATION NOTE (CSPROTrustedTypesSinkViolation):
# Don't translate "require-trusted-types-for 'script'", because it's the CSP directive.
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
CSPROTrustedTypesSinkViolation = (Report-Only policy) The page’s settings would block assigning to an injection sink because it violates the following directive: “require-trusted-types-for ’script’“
# LOCALIZATION NOTE (CSPStyleViolation):
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. style-src)
CSPStyleViolation = The page’s settings blocked a style (%3$S) at %2$S from being applied because it violates the following directive: “%1$S”
# LOCALIZATION NOTE (CSPROStyleViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. style-src)
CSPROStyleViolation = (Report-Only policy) The page’s settings would block a style (%3$S) at %2$S from being applied because it violates the following directive: “%1$S”
# LOCALIZATION NOTE (CSPScriptViolation):
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. script-src-elem)
CSPScriptViolation = The page’s settings blocked a script (%3$S) at %2$S from being executed because it violates the following directive: “%1$S”
# LOCALIZATION NOTE (CSPROScriptViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. script-src-elem)
CSPROScriptViolation = (Report-Only policy) The page’s settings would block a script (%3$S) at %2$S from being executed because it violates the following directive: “%1$S”
# LOCALIZATION NOTE (CSPWorkerViolation):
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. worker-src)
CSPWorkerViolation = The page’s settings blocked a worker script (%3$S) at %2$S from being executed because it violates the following directive: “%1$S”
# LOCALIZATION NOTE (CSPROWorkerViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. worker-src)
CSPROWorkerViolation = (Report-Only policy) The page’s settings would block a worker script (%3$S) at %2$S from being executed because it violates the following directive: “%1$S”
# LOCALIZATION NOTE (CSPGenericViolation):
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. image-src)
CSPGenericViolation = The page’s settings blocked the loading of a resource (%3$S) at %2$S because it violates the following directive: “%1$S”
# LOCALIZATION NOTE (CSPROGenericViolation):
# Don't translate "Report-Only" as it's part of the name Content-Security-Policy-Report-Only.
# %1$S is the entire directive that has been violated. (e.g. "default-src 'none'")
# %2$S is the URI of the resource which violated the directive.
# %3$S is the type of directive used by the resource (e.g. image-src)
CSPROGenericViolation = (Report-Only policy) The page’s settings would block the loading of a resource (%3$S) at %2$S because it violates the following directive: “%1$S”

# LOCALIZATION NOTE (triedToSendReport):
# %1$S is the URI we attempted to send a report to.
triedToSendReport = Tried to send report to invalid URI: “%1$S”
tooManyReports = Prevented too many CSP reports from being sent within a short period of time.
# LOCALIZATION NOTE (couldNotParseReportURI):
# %1$S is the report URI that could not be parsed
couldNotParseReportURI = couldn’t parse report URI: %1$S
# LOCALIZATION NOTE (couldNotProcessUnknownDirective):
# %1$S is the unknown directive
couldNotProcessUnknownDirective = Couldn’t process unknown directive ‘%1$S’
# LOCALIZATION NOTE (ignoringUnknownOption):
# %1$S is the option that could not be understood
ignoringUnknownOption = Ignoring unknown option %1$S
# LOCALIZATION NOTE (ignoringDuplicateSrc):
# %1$S defines the duplicate src
ignoringDuplicateSrc = Ignoring duplicate source %1$S
# LOCALIZATION NOTE (ignoringInvalidToken):
# %1$S defines the name of the directive
# %2$S is the token string containing non-ASCII characters.
ignoringInvalidToken = Ignoring directive ‘%1$S’ because the token contains invalid characters ‘%2$S’
# LOCALIZATION NOTE (ignoringSrcFromMetaCSP):
# %1$S defines the ignored src
ignoringSrcFromMetaCSP = Ignoring source ‘%1$S’ (Not supported when delivered via meta element).
# LOCALIZATION NOTE (ignoringSrcWithinNonceOrHashDirective):
# %1$S is the ignored src (e.g. "unsafe-inline")
# %2$S is the directive (e.g. "script-src-elem")
ignoringSrcWithinNonceOrHashDirective = Ignoring “%1$S” within %2$S: nonce-source or hash-source specified
# LOCALIZATION NOTE (ignoringScriptSrcForStrictDynamic):
# %1$S is the ignored src
# %1$S is the directive src (e.g. "script-src-elem")
# 'strict-dynamic' should not be localized
ignoringScriptSrcForStrictDynamic = Ignoring “%1$S” within %2$S: ‘strict-dynamic’ specified
# LOCALIZATION NOTE (ignoringStrictDynamic):
# %1$S is the ignored src
ignoringStrictDynamic = Ignoring source “%1$S” (Only supported within script-src).
# LOCALIZATION NOTE (ignoringUnsafeEval):
# %1$S is the csp directive (e.g. script-src-elem)
# 'unsafe-eval' and 'wasm-unsafe-eval' should not be localized
ignoringUnsafeEval = Ignoring ‘unsafe-eval’ or ‘wasm-unsafe-eval’ inside “%1$S”.
# LOCALIZATION NOTE (strictDynamicButNoHashOrNonce):
# %1$S is the csp directive that contains 'strict-dynamic'
# 'strict-dynamic' should not be localized
strictDynamicButNoHashOrNonce = Keyword ‘strict-dynamic’ within “%1$S” with no valid nonce or hash might block all scripts from loading
# LOCALIZATION NOTE (reportURInotHttpsOrHttp2):
# %1$S is the ETLD of the report URI that is not HTTP or HTTPS
reportURInotHttpsOrHttp2 = The report URI (%1$S) should be an HTTP or HTTPS URI.
# LOCALIZATION NOTE (reportURINorReportToNotInReportOnlyHeader):
# %1$S is the ETLD of the page with the policy
reportURINorReportToNotInReportOnlyHeader = This site (%1$S) has a Report-Only policy without a report-uri directive nor a report-to directive. CSP will not block and cannot report violations of this policy.
# LOCALIZATION NOTE (failedToParseUnrecognizedSource):
# %1$S is the CSP Source that could not be parsed
failedToParseUnrecognizedSource = Failed to parse unrecognized source %1$S
# LOCALIZATION NOTE (upgradeInsecureRequest):
# %1$S is the URL of the upgraded request; %2$S is the upgraded scheme.
upgradeInsecureRequest = Upgrading insecure request ‘%1$S’ to use ‘%2$S’
# LOCALIZATION NOTE (ignoreSrcForDirective):
ignoreSrcForDirective = Ignoring srcs for directive ‘%1$S’
# LOCALIZATION NOTE (hostNameMightBeKeyword):
# %1$S is the hostname in question and %2$S is the keyword
hostNameMightBeKeyword = Interpreting %1$S as a hostname, not a keyword. If you intended this to be a keyword, use ‘%2$S’ (wrapped in single quotes).
# LOCALIZATION NOTE (notSupportingDirective):
# directive is not supported (e.g. 'reflected-xss')
notSupportingDirective = Not supporting directive ‘%1$S’. Directive and values will be ignored.
# LOCALIZATION NOTE (blockAllMixedContent):
# %1$S is the URL of the blocked resource load.
blockAllMixedContent = Blocking insecure request ‘%1$S’.
# LOCALIZATION NOTE (ignoringDirectiveWithNoValues):
# %1$S is the name of a CSP directive that requires additional values
ignoringDirectiveWithNoValues = Ignoring ‘%1$S’ since it does not contain any parameters.
# LOCALIZATION NOTE (ignoringInvalidGroupSyntax):
# %1$S is the whole group name being parsed
# %2$S is the bad character (e.g. a / slash, $ dollar etc.)
ignoringInvalidGroupSyntax = Ignoring report-to directive group ‘%1$S’ with invalid token ‘%2$S’.
# LOCALIZATION NOTE (ignoringReportOnlyDirective):
# %1$S is the directive that is ignored in report-only mode.
ignoringReportOnlyDirective = Ignoring sandbox directive when delivered in a report-only policy ‘%1$S’
# LOCALIZATION NOTE (IgnoringSrcBecauseOfDirective):
# %1$S is the name of the src that is ignored.
# %2$S is the name of the directive that causes the src to be ignored.
IgnoringSrcBecauseOfDirective=Ignoring ‘%1$S’ because of ‘%2$S’ directive.
# LOCALIZATION NOTE (IgnoringSourceWithinDirective):
# %1$S is the ignored src
# %2$S is the directive  which supports src
IgnoringSourceWithinDirective = Ignoring source “%1$S” (Not supported within ‘%2$S’).
# LOCALIZATION NOTE (IgnoringSourceWithinDirective):
# %1$S is the ignored src
obsoleteBlockAllMixedContent = Ignoring ‘%1$S’ because mixed content display upgrading makes block-all-mixed-content obsolete.


# CSP Errors:
# LOCALIZATION NOTE (couldntParseInvalidSource):
# %1$S is the source that could not be parsed
couldntParseInvalidSource = Couldn’t parse invalid source %1$S
# LOCALIZATION NOTE (couldntParseInvalidHost):
# %1$S is the host that's invalid
couldntParseInvalidHost = Couldn’t parse invalid host %1$S
# LOCALIZATION NOTE (couldntParsePort):
# %1$S is the string source
couldntParsePort = Couldn’t parse port in %1$S
# LOCALIZATION NOTE (duplicateDirective):
# %1$S is the name of the duplicate directive
duplicateDirective = Duplicate %1$S directives detected.  All but the first instance will be ignored.
# LOCALIZATION NOTE (couldntParseInvalidSandboxFlag):
# %1$S is the option that could not be understood
couldntParseInvalidSandboxFlag = Couldn’t parse invalid sandbox flag ‘%1$S’
# LOCALIZATION NOTE (invalidNumberOfTrustedTypesForDirectiveValues):
# %1$S is the number of passed tokens.
invalidNumberOfTrustedTypesForDirectiveValues = Received an invalid number of tokens for the ‘require-trusted-types-for‘ directive: %1$S; expected 1
# LOCALIZATION NOTE (invalidRequireTrustedTypesForDirectiveValue):
# %1$S is the passed token
invalidRequireTrustedTypesForDirectiveValue = Received an invalid token for the ‘require-trusted-types-for‘ directive: %1$S; expected ‘script‘
# LOCALIZATION NOTE (invalidTrustedTypesExpression):
# %1$S is the passed token
invalidTrustedTypesExpression = Received an invalid token for the ‘trusted-types‘ directive: %1$S

# LOCALIZATION NOTE (CSPMessagePrefix):
# Do not translate "Content-Security-Policy", only handle spacing for the colon.
# %S is a console message that is being prefixed here.
CSPMessagePrefix = Content-Security-Policy: %S