
drop static header options

zero-24 committed Jul 29, 2019
1 parent 9090472 commit c215e9e8262f784875ce150ba6f372da4a6c8e8f
@@ -27,16 +27,11 @@ PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE="Important"
PLG_SYSTEM_HTTPHEADERS_HSTS_PRELOAD_NOTE_DESC="HSTS means that your domain can no longer be called without HTTPS. Once added to the preload list, this is not easy to undo. Domains can be removed, but it takes months for users to make a change with a browser update.<br><strong>This option is very important to prevent 'man-in-the-middle attacks', so it should be activated in any case, but only if you are sure that HTTPS is supported for domain and all subdomains in the long run! The value for 'max-age' must be set to 63072000 (2 years) for recording.</strong>"
PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS_DESC="HSTS should also be enabled <strong>for subdomains</strong> usually the subdomain 'www' is taken into account when creating the SSL certificate. If further subdomains are used, please note that they are also provided with a valid SSL certificate."
PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS="Also for subdomains"
PLG_SYSTEM_HTTPHEADERS_MESSAGE_STATICHEADERS_NOT_WRITTEN_NO_SERVER_CONFIGFILE_FOUND="We couldn't find any active .htaccess or web.config file to apply the rules to. Please first rename the htaccess.txt to .htaccess or web.config.txt to web.config and make sure the configuration files works."
PLG_SYSTEM_HTTPHEADERS_MESSAGE_STATICHEADERS_WRITTEN="All static headers have been written to the server configuration file (%s)."
PLG_SYSTEM_HTTPHEADERS_MESSAGE_STATICHEADERS_NOT_WRITTEN="Your %1$s file is not writable or there was a problem creating the file. You will have to upload the following code by hand. Select the following code and then paste into a new text file. Name this file '%1$s' and upload it to your site root folder.<br><pre>%2$s</pre>"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="<p>Joomla! comes with a built-in set of tools that help you to handle http security headers. These headers help your browser for example to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting' target='_blank' rel='noopener noreferrer'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking' target='_blank' rel='noopener noreferrer'>Clickjacking</a> attacks.</p><p>You can find more details in the <a href='https://docs.joomla.org/Special:MyLanguage/J4.x:Http_Header_Management' target='_blank' rel='noopener noreferrer'>HTTP Header Management Tutorial in the Joomla! Documentation.</a></p>"
PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_ACTION="Enable default security headers"
; Please do not translate the following 3 language strings
PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="<a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/' target='_blank' rel='noopener noreferrer'>Referrer-Policy</a>"
PLG_SYSTEM_HTTPHEADERS_WRITE_STATIC_HEADERS="Write headers to the configuration file"
PLG_SYSTEM_HTTPHEADERS_WRITE_STATIC_HEADERS_DESC="When enabled the headers (excluding the Content-Security-Policy) will be added to the existing server configuration file as soon as you save this extension. This way the headers will be enforced from the server side. At this time we only support .htaccess (Apache) and web.config (IIS) files."
PLG_SYSTEM_HTTPHEADERS_XCONTENTTYPEOPTIONS="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options' target='_blank' rel='noopener noreferrer'>X-Content-Type-Options</a>"
PLG_SYSTEM_HTTPHEADERS_XFRAMEOPTIONS="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options' target='_blank' rel='noopener noreferrer'>X-Frame-Options</a>"
; Please do not translate 'HTTP Security Headers' in the following language string
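
Review bot: The commit message should say why the option is dropped and what happens on sites that already had headers written to .htaccess or web.config. This concerns PLG_SYSTEM_HTTPHEADERS_WRITE_STATIC_HEADERS, its _DESC and the three PLG_SYSTEM_HTTPHEADERS_MESSAGE_STATICHEADERS_* messages, which match the five lines the hunk header (16 to 11) accounts for. The _DESC text is the only place in this hunk that says the headers "will be enforced from the server side", so the documentation should note whether responses that never reach the plugin still carry them. Please also confirm that the form field and the code reading these keys go in the same change, so no raw language key is rendered.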
