1809601 - Remove do-no-translate comment for group CSP option

Status: RESOLVED FIXED

(DevTools :: Console, task)

Description

[Francesco Lodolo [:flod]]

# LOCALIZATION NOTE (webconsole.group.csp): Do not translate "Content Security Policy".

This is not accurate, as we've been translating this without any indication that it shouldn't be translated, and Microsoft seems to be doing the same for most languages.

https://transvision.flod.org/?recherche=content+security+policy&repo=gecko_strings&sourcelocale=en-US&locale=de&search_type=strings_entities

https://www.microsoft.com/en-us/language/Search?&searchTerm=Content%20Security%20Policy&langID=354&Source=true&productid=undefined

I don't think we should be translating this, considering that is literally the name of the header.

As far as I understand, the header is Content-Security-Policy (with hyphens).
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://content-security-policy.com/

Comment 1

[Francesco Lodolo [:flod]]

Attachment: Bug 1809601 - Use "Content-Security-Policy" for group CSP option, r=nchevobbe!

Comment 2

[Nicolas Chevobbe [:nchevobbe]]

Thanks flod for raising this issue

I see your point, I'm a bit on the fence about this.
The feature is about grouping those CSP messages in the console, so it would look like

▶︎ Content Security Policy warnings

and then when you expand it

▼ Content Security Policy warning
| Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src-elem").
| Content Security Policy: The page's settings blocked the loading of a resource at https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2Feditor-starter-node.svg?v=1639352324133 ("img-src")

So if we translate the message of the group, we would have (e.g. in French)

▶︎ Avertissements de stratégie de sécurité de contenu

and

▼ Avertissements de stratégie de sécurité de contenu
| Content Security Policy: Les paramètres de la page ont empêché le chargement d'une ressource ("script-src-elem").
| Content Security Policy: Les paramètres de la page ont empêché le chargement d'une ressource à https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2Feditor-starter-node.svg?v=1639352324133 ("img-src")

Since the Content Security Policy prefix isn't translated (see nsCSPUtils.cpp) and given the group is collapsed by default it might not be obvious that it holds CSP warnings ?

I'd like us to be consistent between the message prefix and the group label.
As we chatted on Slack, flod indicated that the prefix could use the hyphen version, Content-Security-Policy to match the header's name, in which case we would not translate it, and it would look like

▼ Avertissements de Content-Security-Policy
| Content-Security-Policy: Les paramètres de la page ont empêché le chargement d'une ressource ("script-src-elem").
| Content-Security-Policy: Les paramètres de la page ont empêché le chargement d'une ressource à https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2Feditor-starter-node.svg?v=1639352324133 ("img-src")

another approach would be to translate the prefix, in such case it would look like:

▼ Avertissements de stratégie de sécurité de contenu
| Stratégie de sécurité de contenu : Les paramètres de la page ont empêché le chargement d'une ressource ("script-src-elem").
| Stratégie de sécurité de contenu : Les paramètres de la page ont empêché le chargement d'une ressource à https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2Feditor-starter-node.svg?v=1639352324133 ("img-src")

note that in this version, we would also fix the issue (at least in French), that you need to have a non-breaking space before a colon.

Tom, how do you feel about this?

Comment 3

[Francesco Lodolo [:flod]]

One note is that we need to fix this in some way within the next 24 hours, because I don't want this string+comment pair to move to beta.

## Option 1

Change the string to say Content-Security-Policy, update the comment accordingly. Then update the code in nsCSPUtils.cpp to use Content-Security-Policy: as well (this could be uplifted to Beta if necessary).

This would be at least consistent. For 111 we should expose the actual Content-Security-Policy: %S string, so that punctuation and spacing can be fixed by each locale.

Option 2

Land this patch as is, just fixing the comment. Expose the string from nsCSPUtils.cpp in 111, knowing that 110 will be inconsistent.

I think option 1 is acceptable, given the target of the Web Console, but what I care about is avoiding confusing messages to localizers (Content Security Policy should be translated in user-facing strings, like network errors).

Comment 4

[Tom Schuster]

Changing all instances of Content Security Policy to Content-Security-Policy might involve a lot of test fixes, not sure. That seems unrealistic given the time frame.

If it makes it easier to accept, I would be fine with using "Content-Security-Policy warnings", but keeping the other existing errors the same for now, but change them later.

Comment 5

[Nicolas Chevobbe [:nchevobbe]]

(In reply to Tom Schuster (MoCo) from comment #4)

Changing all instances of Content Security Policy to Content-Security-Policy might involve a lot of test fixes, not sure. That seems unrealistic given the time frame.
If it makes it easier to accept, I would be fine with using "Content-Security-Policy warnings", but keeping the other existing errors the same for now, but change them later.

Alright, that sounds good to me.
I filed Bug 1809888 to take care of the prefix renaming

Comment 6

[Pulsebot]

Pushed by flodolo@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d8dab1b9f4b
Use "Content-Security-Policy" for group CSP option, r=nchevobbe

Comment 7

[Norisz Fay [:noriszfay]]

https://hg.mozilla.org/mozilla-central/rev/4d8dab1b9f4b