Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.0] http headers language #20459

Closed
wants to merge 3 commits into from
Closed

[4.0] http headers language #20459

wants to merge 3 commits into from

Conversation

brianteeman
Copy link
Contributor

Small tweaks to the language file.

@zero-24 we could make the strings even simpler and the tool easier to use if the HTTP-Header field was a select of the supported values instead of a free text field - thoughts?

@brianteeman
[4.0] http headers language
e2bcabd 
Small tweaks to the language file.

@zero-24 we could make the strings even simpler and the tool easier to use if the HTTP-Header field was a select of the supported values instead of a free text field - thoughts?
@joomla-cms-bot joomla-cms-bot added Language Change This is for Translators PR-4.0-dev labels May 19, 2018
Quy
Quy reviewed May 19, 2018
View reviewed changes
administrator/language/en-GB/en-GB.plg_system_httpheaders.ini Outdated
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT="Client"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT_BOTH="Both"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="Joomla! comes with a built-in plugin that handles http security headers. It helps to secure your site by setting the following headers with the default values:<br><ul><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options'>'X-Frame-Options: SAMEORIGIN'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection'>'X-XSS-Protection: 1; mode=block'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options'>'X-Content-Type-Options: nosniff'</a></li><li><a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/'>'Referrer-Policy: no-referrer-when-downgrade'</a></li></ul><br>The full list of supported headers are: <br><ul><li><a href='https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security'>Strict-Transport-Security</a></li><li><a href='https://en.wikipedia.org/wiki/Content_Security_Policy'>Content-Security-Policy</a></li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul><br>These headers help your browser to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking'>Clickjacking</a> attacks."
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="Joomla! comes with a built-in plugin that handles http security headers. It helps to secure your site by setting the following headers with the default values:<br><ul><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options'>'X-Frame-Options: SAMEORIGIN'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-esponse-headers/#x-xss-protection'>'X-XSS-Protection: 1; mode=block'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options'>'X-Content-Type-Options: nosniff'</a></li><li><a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/'>'Referrer-Policy: no-referrer-when-downgrade'</a></li></ul><br>The full list of supported headers are: <br><ul><li><a href='https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security'>Strict-Transport-Security</a></li><li><a href='https://en.wikipedia.org/wiki/Content_Security_Policy'>Content-Security-Policy</a></li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul><br>These headers help your browser to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking'>Clickjacking</a> attacks."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing r in esponse in https://scotthelme.co.uk/hardening-your-http-esponse-headers/#x-xss-protection

@Quy
Copy link
Contributor

Quy commented May 19, 2018

I have tested this item ✅ successfully on d9c1940

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20459.

zero-24
zero-24 reviewed May 19, 2018
View reviewed changes
administrator/language/en-GB/en-GB.plg_system_httpheaders.ini
PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin can set some Security HTTP Headers"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Customise the HTTP Headers"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="Replace the default headers with your own custom values and add additional headers. The supported headers are: <br><ul><li>Strict-Transport-Security</li><li>Content-Security-Policy</li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul>"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT="Client"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm this string is not used any more? Why do you want to add it back? It is now PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT ;)

zero-24
zero-24 reviewed May 19, 2018
View reviewed changes
administrator/language/en-GB/en-GB.plg_system_httpheaders.ini
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Customise the HTTP Headers"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="Replace the default headers with your own custom values and add additional headers. The supported headers are: <br><ul><li>Strict-Transport-Security</li><li>Content-Security-Policy</li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul>"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT="Client"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT_BOTH="Both"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also this string is not used anymore as it is now: PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH

zero-24
zero-24 reviewed May 19, 2018
View reviewed changes
administrator/language/en-GB/en-GB.plg_system_httpheaders.ini
@@ -6,8 +6,11 @@
COM_PLUGINS_HSTS_FIELDSET_LABEL="Strict-Transport-Security (HSTS)"
COM_PLUGINS_CSP_FIELDSET_LABEL="Content-Security-Policy (CSP)"
PLG_SYSTEM_HTTPHEADERS="System - HTTPHeaders"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Define additional HTTP Header"
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="Using this you can set also different values from the default ones and also additional headers when it is supported. The supported headers are: <br><ul><li>Strict-Transport-Security</li><li>Content-Security-Policy</li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul>"
PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin can set some Security HTTP Headers"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This string is translated in line 46 why do we want to add it here too ;)

@zero-24
Copy link
Contributor

zero-24 commented May 19, 2018

we could make the strings even simpler and the tool easier to use if the HTTP-Header field was a select of the supported values instead of a free text field - thoughts?

Yes this could be possible. But I would suggest to do this in a separate PR as this also requires PHP code to change ;)

zero-24
zero-24 requested changes May 19, 2018
View reviewed changes
Copy link
Contributor

@zero-24 zero-24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please see my comments

@brianteeman
Copy link
Contributor Author

Obviously made an error doing this from my phone. Closing now and will redo it later or if you think the select is a good idea then I can do new strings after/with that. We don't need to list supported headers in the text any more then as it will be obvious from the select

@zero-24
Copy link
Contributor

zero-24 commented May 19, 2018

Ok I'm going to propose a PR. So we can include the language changes there too.

@brianteeman
Copy link
Contributor Author

Great

@zero-24 zero-24 mentioned this pull request May 19, 2018
Merged
@zero-24
Copy link
Contributor

zero-24 commented May 19, 2018

Done: #20491 just let me know what you want to have in there concerning the language strings.

@brianteeman
Copy link
Contributor Author

Great. I Will

@brianteeman brianteeman deleted the paris branch May 28, 2018 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Quy Quy Quy left review comments

@zero-24 zero-24 zero-24 requested changes

Assignees
No one assigned
Labels
Language Change This is for Translators
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@brianteeman @Quy @zero-24 @joomla-cms-bot