[4.0] http headers language #20459
Small tweaks to the language file. @zero-24 we could make the strings even simpler and the tool easier to use if the HTTP-Header field was a select of the supported values instead of a free text field - thoughts?
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT="Client" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT_BOTH="Both" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value" | ||
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers" | ||
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="Joomla! comes with a built-in plugin that handles http security headers. It helps to secure your site by setting the following headers with the default values:<br><ul><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options'>'X-Frame-Options: SAMEORIGIN'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection'>'X-XSS-Protection: 1; mode=block'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options'>'X-Content-Type-Options: nosniff'</a></li><li><a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/'>'Referrer-Policy: no-referrer-when-downgrade'</a></li></ul><br>The full list of supported headers are: <br><ul><li><a href='https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security'>Strict-Transport-Security</a></li><li><a href='https://en.wikipedia.org/wiki/Content_Security_Policy'>Content-Security-Policy</a></li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul><br>These headers help your browser to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking'>Clickjacking</a> attacks." | ||
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="Joomla! comes with a built-in plugin that handles http security headers. It helps to secure your site by setting the following headers with the default values:<br><ul><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options'>'X-Frame-Options: SAMEORIGIN'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-esponse-headers/#x-xss-protection'>'X-XSS-Protection: 1; mode=block'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options'>'X-Content-Type-Options: nosniff'</a></li><li><a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/'>'Referrer-Policy: no-referrer-when-downgrade'</a></li></ul><br>The full list of supported headers are: <br><ul><li><a href='https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security'>Strict-Transport-Security</a></li><li><a href='https://en.wikipedia.org/wiki/Content_Security_Policy'>Content-Security-Policy</a></li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul><br>These headers help your browser to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking'>Clickjacking</a> attacks." |
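Review bot: The x-xss-protection link in the second PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY line points at hardening-your-http-esponse-headers, so the link for X-XSS-Protection no longer matches the URL used for the other headers in the same string; restore "response". While touching this string, "The full list of supported headers are" should read "is", and "http security headers" should be capitalised as "HTTP" to match PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE.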
Missing r in esponse in https://scotthelme.co.uk/hardening-your-http-esponse-headers/#x-xss-protection
I have tested this item ✅ successfully on d9c1940.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/20459.
PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin can set some Security HTTP Headers" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Customise the HTTP Headers" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="Replace the default headers with your own custom values and add additional headers. The supported headers are: <br><ul><li>Strict-Transport-Security</li><li>Content-Security-Policy</li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul>" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT="Client" |
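Review bot: PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC says users can "add additional headers" and then gives a closed list of supported ones, which leaves it unclear what happens when a header name outside that list is entered. Suggest stating that only the listed headers are accepted, for example "Only the following headers are supported:", so an administrator does not assume an unlisted security header is being sent.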
Hmm, this string is not used any more? Why do you want to add it back? It is now PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT ;)
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Customise the HTTP Headers" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="Replace the default headers with your own custom values and add additional headers. The supported headers are: <br><ul><li>Strict-Transport-Security</li><li>Content-Security-Policy</li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul>" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT="Client" | ||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_CLIENT_BOTH="Both" |
Also this string is not used anymore as it is now: PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH
@@ -6,8 +6,11 @@ | |||
COM_PLUGINS_HSTS_FIELDSET_LABEL="Strict-Transport-Security (HSTS)" | |||
COM_PLUGINS_CSP_FIELDSET_LABEL="Content-Security-Policy (CSP)" | |||
PLG_SYSTEM_HTTPHEADERS="System - HTTPHeaders" | |||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Define additional HTTP Header" | |||
PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="Using this you can set also different values from the default ones and also additional headers when it is supported. The supported headers are: <br><ul><li>Strict-Transport-Security</li><li>Content-Security-Policy</li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul>" | |||
PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin can set some Security HTTP Headers" |
This string is translated in line 46, why do we want to add it here too ;)
Yes, this could be possible. But I would suggest doing this in a separate PR as this also requires PHP code to change ;)
Please see my comments.
Obviously made an error doing this from my phone. Closing now and will redo it later, or if you think the select is a good idea then I can do new strings after/with that. We don't need to list supported headers in the text any more then, as it will be obvious from the select.
Ok, I'm going to propose a PR. So we can include the language changes there too.
Great
Done: #20491, just let me know what you want to have in there concerning the language strings.
Great. I will