Bug 1301529 - Remove X-Frame-Options allow-from. r=ckerschb
author Jonathan Kingston <jkt@mozilla.com>
Wed, 24 Jul 2019 12:23:32 +0000
changeset 11747 cc1a103e807dcc75a3d3b64567d456a84fa70ab2
parent 11746 853e92b91d753d309d2339d960dc69c95b65308d
child 11748 c2d4e685dada59fd75e8c29791f8285c4052e633
push id 156
push user flodolo@mozilla.com
push date Mon, 29 Jul 2019 09:39:25 +0000
reviewers ckerschb
bugs 1301529
Bug 1301529 - Remove X-Frame-Options allow-from. r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D38672

X-Channel-Repo: mozilla-central
X-Channel-Converted-Revision: b0e249d06e391d7b66a3c54af6c4a418f0ccb9e1
X-Channel-Repo: releases/mozilla-beta
X-Channel-Revision: e5d98eda2ec359a0968c567076b1a625cb6c99ce
X-Channel-Repo: releases/mozilla-release
X-Channel-Revision: 2fb19d0466d2f61674c0af80813645cccd510593
X-Channel-Repo: releases/mozilla-esr68
X-Channel-Revision: a8da73ce90a4110e14caaba3e93d8a086b3a0669
dom/chrome/security/security.properties
--- a/dom/chrome/security/security.properties
+++ b/dom/chrome/security/security.properties
@@ -121,8 +121,16 @@ FeaturePolicyUnsupportedFeatureName=Feature Policy: Skipping unsupported feature name “%S”.
 FeaturePolicyInvalidEmptyAllowValue= Feature Policy: Skipping empty allow list for feature: “%S”.
 # TODO: would be nice to add a link to the Feature-Policy MDN documentation here. See bug 1449501
 FeaturePolicyInvalidAllowValue=Feature Policy: Skipping unsupported allow value “%S”.
 
 # LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI.
 ReferrerLengthOverLimitation=HTTP Referrer header: Length is over “%1$S” bytes limit - stripping referrer header down to origin: “%2$S”
 # LOCALIZATION NOTE: "%1$S" is the limitation length (bytes) of referrer URI, "%2$S" is the origin of the referrer URI.
 ReferrerOriginLengthOverLimitation=HTTP Referrer header: Length of origin within referrer is over “%1$S” bytes limit - removing referrer with origin “%2$S”.
+
+# X-Frame-Options
+# LOCALIZATION NOTE: %1$S is the header value, %2$S is frame URI and %3$S is the parent document URI.
+XFOInvalid = Invalid X-Frame-Options: “%1$S” header from “%2$S” loaded into “%3$S”.
+# LOCALIZATION NOTE: %1$S is the header value, %2$S is frame URI and %3$S is the parent document URI.
+XFODeny = Load denied by X-Frame-Options: “%1$S” from “%2$S”, site does not permit any framing. Attempted to load into “%3$S”.
+# LOCALIZATION NOTE: %1$S is the header value, %2$S is frame URI and %3$S is the parent document URI.
+XFOSameOrigin = Load denied by X-Frame-Options: “%1$S” from “%2$S”, site does not permit cross-origin framing from “%3$S”.
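Review bot: XFOInvalid does not say what happened to the frame load, while XFODeny and XFOSameOrigin both open with "Load denied", so a site owner reading the console cannot tell from "Invalid X-Frame-Options: ... header from ... loaded into ..." whether the invalid header was ignored or the load was blocked. Suggest stating the outcome in the string itself, and, if values such as allow-from now end up under this message, pointing to CSP frame-ancestors as the replacement. Two smaller points on the same added lines: the new keys are written as `XFOInvalid = ...` with spaces around `=`, whereas the surrounding entries in the context lines use `Key=Value` (for example `FeaturePolicyInvalidAllowValue=`), so it would be cleaner to match the file's existing style; and the identical LOCALIZATION NOTE is repeated three times where one note above the group, saying it applies to all three XFO strings, would be easier to keep in sync.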