<?php
define('LANG_CSP_CONTROLLER', 'Content Security Policy');
define('LANG_CSP_GEN', 'Content Security Policy generator');
define('LANG_CSP_GEN_HINT', 'Configure your CSP policy and save the settings. This is a section for advanced users, we highly recommend reading the documentation before enabling.');
define('LANG_CSP_ENABLE_CSP', 'Enable CSP HTTP headers');
define('LANG_CSP_ENABLE_CSP_HINT', 'At the initial stage of setup, enable it only with the option «Reports only mode» enabled.');
define('LANG_CSP_IS_REPORT_ONLY', 'Reports only mode');
define('LANG_CSP_IS_REPORT_ONLY_HINT', 'The browser does not block anything; what will be blocked is recorded in the reports.');
define('LANG_CSP_ENABLE_REPORT', 'Enable report logging');
define('LANG_CSP_CSP_STR', 'Current line Content-Security-Policy');
define('LANG_CSP_CSP_STR_HINT', 'Generated automatically from selected options in the generator');
define('LANG_CSP_REPORTS', 'Reports');
define('LANG_CSP_BLOCKED_URI', 'Blocked URL');
define('LANG_CSP_STATUS_CODE', 'HTTP status');
define('LANG_CSP_VIOLATED_DIRECTIVE', 'Violated Directive');
define('LANG_CSP_IP', 'IP address');
define('LANG_CSP_LINE_NUMBER', 'Line number');
define('LANG_CSP_DOCUMENT_URI', 'Page URL');
define('LANG_CSP_EFFECTIVE_DIRECTIVE', 'Effective_ Directive');
define('LANG_CSP_DELETE_CONFIRM', 'Delete selected log items?');
define('LANG_CSP_DELETE_SUCCESS', 'The selected log items were successfully deleted');
define('LANG_CSP_ADD_BLOCK', 'Add directive');
define('LANG_CSP_DOMAIN_PLACEHOLDER', 'List of Hosts/HTTP schemes, separated by spaces');
define('LANG_CSP_DIRECTIVES', ['all' => 'Allows all origins for this resource', 'none' => 'Blocks the use of this resource type', 'self' => 'Matches the current origin but not subdomains', 'data' => 'Matches the data: URI as a content source', 'unsafe-inline' => 'Allows the use of inline resources such as <script> and <style> elements', 'unsafe-hashes' => 'Allows inline scripting to be executed in the JavaScript event handler attribute of an HTML element', 'nonce' => 'Includes the value «nonce» for the directive', 'unsafe-eval' => 'Allows the use of methods such as eval() to interpret code from strings', 'strict-dynamic' => 'Specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce, shall be propagated to all the scripts loaded by that root script']);
define('LANG_CSP_HINTS', ['default-src' => 'The default-src directive specifies the security policy for types of content that are not specifically defined by their own directives.', 'script-src' => 'The script-src directive specifies valid sources for JavaScript. This directive falls back to default-src if not specified. When either script-src or default-src are present the use of inline script and eval() is blocked without the addition of Unsafe Inline and Unsafe Eval respectively.', 'script-src-elem' => 'The script-src-elem directive specifies valid sources for JavaScript in script elements (script requests, script blocks). This directive falls back to script-src (which in turn falls back to default-src) if not specified.', 'script-src-attr' => 'The script-src-attr directive specifies valid sources for JavaScript in attributes like inline handlers. This directive falls back to script-src (which in turn falls back to default-src) if not specified.', 'style-src' => 'The style-src directive specifies valid sources for stylesheets. This directive falls back to default-src if not specified. When either style-src or default-src are present the use of inline <style> elements and HTML style attributes are disabled unless you specify Unsafe Inline.', 'style-src-elem' => 'The style-src-elem directive specifies valid sources for stylesheets, except for styles defined in attributes. This directive falls back to style-src (which falls back to default-src in turn) if not specified.', 'style-src-attr' => 'The style-src-attr directive specifies valid sources for stylesheets in inline attributes. This directive falls back to style-src (which falls back to default-src in turn) if not specified.', 'img-src' => 'The img-src directive specifies valid sources for images and favicons. This directive falls back to default-src if not specified.', 'font-src' => 'The font-src directive specifies valid sources for fonts loaded using @font-face. This directive falls back to default-src if not specified.', 'connect-src' => 'The connect-src directive specifies valid sources for fetch, XMLHttpRequest, WebSocket and EventSource connections. This directive falls back to default-src if not specified.', 'media-src' => 'The media-src directive specifies valid sources for the <audio> and <video> elements. This directive falls back to default-src if not specified.', 'object-src' => 'The object-src directive specifies valid sources for the <object>, <embed> and <applet> elements. This directive falls back to default-src if not specified.', 'child-src' => 'The child-src directive specifies valid sources for elements such as <frame> and <iframe>. This directive falls back to default-src if not specified.', 'frame-src' => 'The frame-src directive specifies valid sources for elements such as <frame> and <iframe>. This directive falls back to child-src if not specified (which falls back to default-src in turn).', 'worker-src' => 'The worker-src directive specifies valid sources for Worker, SharedWorker or ServiceWorker. This directive falls back to child-src if not specified.', 'frame-ancestors' => 'The frame-ancestors directive specifies parents that may embed a page using elements such as <frame> and <iframe>. It replaces the X-Frame-Options header.', 'form-action' => 'The form-action directive specifies locations that can be used for <form> submissions.', 'manifest-src' => 'The manifest-src directive specifies which manifest can be applied to the resource. This directive falls back to default-src if not specified.']);