Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Wed, 30 Oct 2019 17:54:36 +0000
changeset 12390 c685cc6df5e8615917e0f6dbce3e9b7e0d0dbbb2
parent 12389 63d9193424c97a28194954f827eaba3b55ec51bc
child 12391 ced1c72faeb0ce27898f16b1d1c6fb7b4ba8e60a
push id196
push userflodolo@mozilla.com
push dateWed, 06 Nov 2019 08:15:48 +0000
reviewersjkt, farre, johannh
bugs1584998
Bug 1584998: Make x-frame-options work with fission enabled. r=jkt,farre,johannh Differential Revision: https://phabricator.services.mozilla.com/D50588 X-Channel-Repo: mozilla-central X-Channel-Converted-Revision: 5f185a11889bd2a091ccd705acf357a5709d0e1c X-Channel-Repo: releases/mozilla-beta X-Channel-Revision: ef43ee07acdaaa8a86d6ab12fccc5a3e27f44656 X-Channel-Repo: releases/mozilla-release X-Channel-Revision: 0eae18af659f087056bce0f62a325e5e595fff72 X-Channel-Repo: releases/mozilla-esr68 X-Channel-Revision: 2eed5fdce27200f4596a1ce5cf7e7eaebcab160d
browser/chrome/overrides/appstrings.properties
browser/chrome/overrides/netError.dtd
dom/chrome/appstrings.properties
dom/chrome/netError.dtd
mobile/overrides/appstrings.properties
--- a/browser/chrome/overrides/appstrings.properties
+++ b/browser/chrome/overrides/appstrings.properties
@@ -30,15 +30,16 @@ externalProtocolPrompt=An external appli
 externalProtocolUnknown=<Unknown>
 externalProtocolChkMsg=Remember my choice for all links of this type.
 externalProtocolLaunchBtn=Launch application
 malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
 harmfulBlocked=The site at %S has been reported as a potentially harmful site and has been blocked based on your security preferences.
 unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
 deceptiveBlocked=This web page at %S has been reported as a deceptive site and has been blocked based on your security preferences.
 cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
+xfoBlocked=This page has an X-Frame-Options policy that prevents it from being loaded in this context.
 corruptedContentErrorv2=The site at %S has experienced a network protocol violation that cannot be repaired.
 remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.
 ## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S".
 sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
 inadequateSecurityError=The website tried to negotiate an inadequate level of security.
 blockedByPolicy=Your organization has blocked access to this page or website.
 networkProtocolError=Firefox has experienced a network protocol violation that cannot be repaired.
--- a/browser/chrome/overrides/netError.dtd
+++ b/browser/chrome/overrides/netError.dtd
@@ -184,16 +184,19 @@ was trying to connect. -->
   <li>If your computer or network is protected by a firewall or proxy, make sure
     that &brandShortName; is permitted to access the Web.</li>
 </ul>
 ">
 
 <!ENTITY cspBlocked.title "Blocked by Content Security Policy">
 <!ENTITY cspBlocked.longDesc "<p>&brandShortName; prevented this page from loading in this way because the page has a content security policy that disallows it.</p>">
 
+<!ENTITY xfoBlocked.title "Blocked by X-Frame-Options Policy">
+<!ENTITY xfoBlocked.longDesc "<p>&brandShortName; prevented this page from loading in this context because the page has an X-Frame-Options policy that disallows it.</p>">
+
 <!ENTITY corruptedContentErrorv2.title "Corrupted Content Error">
 <!ENTITY corruptedContentErrorv2.longDesc "<p>The page you are trying to view cannot be shown because an error in the data transmission was detected.</p><ul><li>Please contact the website owners to inform them of this problem.</li></ul>">
 
 <!ENTITY securityOverride.exceptionButton1Label "Accept the Risk and Continue">
 
 <!ENTITY errorReporting.automatic2 "Report errors like this to help Mozilla identify and block malicious sites">
 <!ENTITY errorReporting.learnMore "Learn moreā€¦">
 
--- a/dom/chrome/appstrings.properties
+++ b/dom/chrome/appstrings.properties
@@ -29,15 +29,16 @@ externalProtocolPrompt=An external appli
 externalProtocolUnknown=<Unknown>
 externalProtocolChkMsg=Remember my choice for all links of this type.
 externalProtocolLaunchBtn=Launch application
 malwareBlocked=The site at %S has been reported as an attack site and has been blocked based on your security preferences.
 harmfulBlocked=The site at %S has been reported as a potentially harmful site and has been blocked based on your security preferences.
 unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
 deceptiveBlocked=This web page at %S has been reported as a deceptive site and has been blocked based on your security preferences.
 cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
+xfoBlocked=This page has an X-Frame-Options policy that prevents it from being loaded in this context.
 corruptedContentErrorv2=The site at %S has experienced a network protocol violation that cannot be repaired.
 remoteXUL=This page uses an unsupported technology that is no longer available by default.
 sslv3Used=The safety of your data on %S could not be guaranteed because it uses SSLv3, a broken security protocol.
 weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, the connection to this website has not been established.
 inadequateSecurityError=The website tried to negotiate an inadequate level of security.
 blockedByPolicy=Your organization has blocked access to this page or website.
 networkProtocolError=Firefox has experienced a network protocol violation that cannot be repaired.
--- a/dom/chrome/netError.dtd
+++ b/dom/chrome/netError.dtd
@@ -82,16 +82,19 @@
 <!ENTITY securityOverride.warningContent "
 <p>You should not add an exception if you are using an internet connection that you do not trust completely or if you are not used to seeing a warning for this server.</p>
 <p>If you still wish to add an exception for this site, you can do so in your advanced encryption settings.</p>
 ">
 
 <!ENTITY cspBlocked.title "Blocked by Content Security Policy">
 <!ENTITY cspBlocked.longDesc "<p>The browser prevented this page from loading in this way because the page has a content security policy that disallows it.</p>">
 
+<!ENTITY xfoBlocked.title "Blocked by X-Frame-Options Policy">
+<!ENTITY xfoBlocked.longDesc "<p>The browser prevented this page from loading in this context because the page has an X-Frame-Options policy that disallows it.</p>">
+
 <!ENTITY corruptedContentErrorv2.title "Corrupted Content Error">
 <!ENTITY corruptedContentErrorv2.longDesc "<p>The page you are trying to view cannot be shown because an error in the data transmission was detected.</p><ul><li>Please contact the website owners to inform them of this problem.</li></ul>">
 
 <!ENTITY remoteXUL.title "Remote XUL">
 <!ENTITY remoteXUL.longDesc "<p><ul><li>Please contact the website owners to inform them of this problem.</li></ul></p>">
 
 <!ENTITY inadequateSecurityError.title "Your connection is not secure">
 <!-- LOCALIZATION NOTE (inadequateSecurityError.longDesc) - Do not translate
--- a/mobile/overrides/appstrings.properties
+++ b/mobile/overrides/appstrings.properties
@@ -1,12 +1,16 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+# BEFORE EDITING THIS FILE, PLEASE NOTE:
+# These strings are only here to support shipping Fennec ESR.
+# They are unused in GeckoView, so please don't make any changes.
+
 malformedURI2=The URL is not valid and cannot be loaded.
 fileNotFound=Firefox can't find the file at %S.
 fileAccessDenied=The file at %S is not readable.
 dnsNotFound2=Firefox can't find the server at %S.
 unknownProtocolFound=Firefox doesn't know how to open this address, because one of the following protocols (%S) isn't associated with any program or is not allowed in this context.
 connectionFailure=Firefox can't establish a connection to the server at %S.
 netInterrupt=The connection to %S was interrupted while the page was loading.
 netTimeout=The server at %S is taking too long to respond.