plg_system_httpheaders.ini
; Joomla! Project
; (C) 2018 Open Source Matters, Inc. <https://www.joomla.org>
; License GNU General Public License version 2 or later; see LICENSE.txt
; Note : All ini files need to be saved as UTF-8
; Please do not translate the word 'HTTP Headers' in the following two language strings
PLG_SYSTEM_HTTPHEADERS="System - HTTP Headers"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Force HTTP Headers"
; Please do not translate the word 'HTTP Header' in the following two language strings
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value"
; Please do not translate the following language string
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP' target='_blank' rel='noopener noreferrer'>Content Security Policy (CSP)</a>"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_CLIENT="Client"
; Please do not translate the following language string
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED="frame-ancestors 'self'"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_FRAME_ANCESTORS_SELF_ENABLED_DESC="Enable the CSP clickjacking protection frame-ancestors and only allow the origin 'self'. Please use the form below to allow origins other than 'self'."
; Please only change the URL in the following language string
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Nonce</a>"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_NONCE_ENABLED_DESC="Enable the whitelist for specific inline scripts using a cryptographic nonce (number used once) for all scripts and styles using the Joomla API. Specifying a nonce makes a modern browser ignore 'unsafe-inline' which should still be set for older browsers without nonce support."
; Please do not translate 'Content-Security-Policy' & 'Content-Security-Policy-Report-Only' in the following language string
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY_DESC="Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'."
; Please do not translate the following two language strings
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY="Report-Only"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED="strict-dynamic"
; Please do not translate 'strict-dynamic', 'self' and 'unsafe-inline' in the following language string
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STRICT_DYNAMIC_ENABLED_DESC="The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any allowlist or source expressions such as 'self' or 'unsafe-inline' will be ignored."
; Please only change the URL in the following language string
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src' target='_blank' rel='noopener noreferrer'>Script hashes</a>"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_SCRIPT_HASHES_ENABLED_DESC="Enable the optional hash-based whitelist for inline scripts, using a cryptographic hash for all scripts using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline', which should still be set for older browsers without hash support."
; Please only change the URL in the following language string
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src' target='_blank' rel='noopener noreferrer'>Style hashes</a>"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_STYLE_HASHES_ENABLED_DESC="Enable the optional hash-based whitelist for inline styles, using a cryptographic hash for all styles using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline', which should still be set for older browsers without hash support."
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES="Add Directive"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_DIRECTIVE="Policy Directive"
PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_VALUE="Value"
; Please do not translate the following language string
PLG_SYSTEM_HTTPHEADERS_COOP="Cross-Origin-Opener-Policy"
PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT="Client"
PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH="Both"
; Please do not translate the following language string
PLG_SYSTEM_HTTPHEADERS_HSTS="<a href='https://hstspreload.org' target='_blank' rel='noopener noreferrer'>HTTP Strict Transport Security (HSTS)</a>"
; Please do not translate the following language string
PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE="max-age"
; Please do not translate 'max-age' in the following language string
PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE_DESC="This option sets the time for 'max-age', specified in seconds. The default value is 31536000, which corresponds to one year."
; Please do not translate the following language string
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD="Preload"
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_DESC="This option activates the opt-in for inclusion in so-called browser preload lists."
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE="Important"
; Please do not translate 'max-age' in the following language string
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE_DESC="HSTS means that your domain can no longer be reached without HTTPS. Once added to the preload list, this is not easy to undo. Domains can be removed, but it takes months for the change to reach users through a browser update.<br><strong>This option is very important to prevent 'man-in-the-middle attacks', so it should be activated, but only if you are sure that HTTPS is supported for the domain and all subdomains in the long run! The value for 'max-age' must be set to 63072000 (2 years) for inclusion in the preload list.</strong>"
PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS="Also for subdomains"
PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS_DESC="HSTS should also be enabled <strong>for subdomains</strong>. Usually the subdomain 'www' is taken into account when creating the SSL certificate. If further subdomains are used, please make sure that they are also provided with a valid SSL certificate."
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_ACTION="Enable default security headers"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="<p>Joomla! comes with a built-in set of tools that help you to handle HTTP security headers. These headers help your browser, for example, to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting' target='_blank' rel='noopener noreferrer'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking' target='_blank' rel='noopener noreferrer'>Clickjacking</a> attacks.</p><p>You can find more details in the <a href='https://docs.joomla.org/Special:MyLanguage/J4.x:Http_Header_Management' target='_blank' rel='noopener noreferrer'>HTTP Header Management Tutorial in the Joomla! Documentation.</a></p>"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers"
; Please do not translate the following two language strings
PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy' target='_blank' rel='noopener noreferrer'>Referrer-Policy</a>"
PLG_SYSTEM_HTTPHEADERS_XFRAMEOPTIONS="<a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options' target='_blank' rel='noopener noreferrer'>X-Frame-Options</a>"
; Please do not translate 'HTTP Security Headers' in the following language string
PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin helps you to set the HTTP Security Headers"