npm - @gabrielbryk/arc-devtools-mcp - Versions diffs - 1.3.0 - Mend

@gabrielbryk/arc-devtools-mcp 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (367) hide show

package/build/src/third_party/issue-descriptions/corsAllowCredentialsRequired.md ADDED Viewed

@@ -0,0 +1,6 @@
+# Ensure CORS requests include credentials only when allowed
+A cross-origin resource sharing (CORS) request was blocked because it was configured to include credentials but the `Access-Control-Allow-Credentials` response header of the request or the associated preflight request was not set to `true`.
+To fix this issue, ensure that resources that expect credentialed CORS requests set the `Access-Control-Allow-Credentials` header to `true`.
+Note that this requires the `Access-Control-Allow-Origin` header to not be a wildcard `*`.

package/build/src/third_party/issue-descriptions/corsDisabledScheme.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Ensure CORS requests are made on supported schemes
+A cross-origin resource sharing (CORS) request was blocked because the scheme of the request's URL doesn't support CORS.
+To fix this issue, ensure all CORS request URLs specify a supported scheme, e.g. most commonly https://.
+Note that if an opaque response is sufficient, then for some schemes the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way the scheme doesn't need to support CORS, but the response content is inaccessible (opaque).

package/build/src/third_party/issue-descriptions/corsDisallowedByMode.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Ensure only same-origin resources are fetched with same-origin request mode
+A cross-origin resource sharing (CORS) request to a cross-origin resource was blocked because the request mode was set to `same-origin`.
+To fix this issue, ensure that only same-origin resources are fetched with the `same-origin` request mode. If you need to fetch a cross-origin resource, use a request mode such as `cors`.
+Note that if an opaque response is sufficient, the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

package/build/src/third_party/issue-descriptions/corsHeaderDisallowedByPreflightResponse.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Ensure CORS request includes only allowed headers
+A cross-origin resource sharing (CORS) request was blocked because it contained request headers that were neither CORS-safelisted (`Accept`, `Accept-Language`, `Content-Language`, `Content-Type`) nor allowed by the `Access-Control-Allow-Headers` response header of the associated preflight request.
+To fix this issue, include the additional request headers you want to use in the `Access-Control-Allow-Headers` response header of the associated preflight request.

package/build/src/third_party/issue-descriptions/corsInvalidHeaderValues.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Ensure CORS response header values are valid
+A cross-origin resource sharing (CORS) request was blocked because of invalid or missing response headers of the request or the associated [preflight request](issueCorsPreflightRequest).
+To fix this issue, ensure the response to the CORS request and/or the associated [preflight request](issueCorsPreflightRequest) are not missing headers and use valid header values.
+Note that if an opaque response is sufficient, the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

package/build/src/third_party/issue-descriptions/corsLocalNetworkAccessPermissionDenied.md ADDED Viewed

@@ -0,0 +1,19 @@
+# Ensure that local network requests are compatible with restrictions
+A site requested a resource from a network that it could only access because of
+its users' privileged network position.
+These requests expose devices and servers to the internet, increasing the risk
+of a cross-site request forgery (CSRF) attack and/or information leakage.
+To mitigate these risks, Chrome is requiring the user grant explicit
+permission before a site can make local network requests. Local network requests
+are those that go to either private IP addresses, .local domains, or loopback
+addresses. Additionally, Chrome will block local network requests (both
+subframes and subresources) when initiated from non-secure contexts.
+If the user explicitly grants the permission, the site can make local network
+requests over HTTP for hostnames that are private IP addresses, .local
+hostnames, or to localhost. Sites can also set the `targetAddressSpace` fetch
+option to `private` or `local` to mark requests as being local network requests,
+which will allow them to be made over HTTP.

package/build/src/third_party/issue-descriptions/corsMethodDisallowedByPreflightResponse.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Ensure CORS request uses allowed method
+A cross-origin resource sharing (CORS) request was blocked because it neither uses one of the CORS-safelisted methods (`GET`, `HEAD`, `POST`) nor was the request method explicitly allowed by the `Access-Control-Allow-Methods` response header of the associated [preflight request](issueCorsPreflightRequest).
+To fix this issue, include the request method in the `Access-Control-Allow-Methods` header of the associated preflight request.

package/build/src/third_party/issue-descriptions/corsNoCorsRedirectModeNotFollow.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Ensure no-cors requests configure redirect mode follow
+A cross-origin resource sharing (CORS) request was blocked because it was configured to use request mode `no-cors` but did not use the redirect mode `follow`.
+To fix this issue, ensure that whenever the request mode `no-cors` is set then the redirect mode is set to `follow`.

package/build/src/third_party/issue-descriptions/corsOriginMismatch.md ADDED Viewed

@@ -0,0 +1,6 @@
+# Ensure CORS requesting origin matches resource's allowed origin
+A cross-origin resource sharing (CORS) request was blocked because the `Access-Control-Allow-Origin` response header of the request or the associated [preflight request](issueCorsPreflightRequest) specified an origin different from the origin of the context that initiated the request.
+To fix this issue, ensure that the `Access-Control-Allow-Origin` header for the resource matches the request context's origin.
+If the resource never needs to be accessed with credentials, the `Access-Control-Allow-Origin` header may be set to a wildcard `*` to allow access from everywhere.

package/build/src/third_party/issue-descriptions/corsPreflightResponseInvalid.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Ensure preflight responses are valid
+A cross-origin resource sharing (CORS) request was blocked because the response to the associated [preflight request](issueCorsPreflightRequest) failed, had an unsuccessful HTTP status code, and/or was a redirect.
+To fix this issue, ensure all CORS preflight `OPTIONS` requests are answered with a successful HTTP status code (2xx) and do not redirect.

package/build/src/third_party/issue-descriptions/corsRedirectContainsCredentials.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Ensure CORS requests are not redirected to URLs containing credentials
+A cross-origin resource sharing (CORS) request was blocked because the response was a redirect to a URL that includes credentials, i.e. redirected to a URL of the form `https://username:password@example.com`.
+To fix this issue, ensure CORS requests are not redirected to URLs that include credentials.

package/build/src/third_party/issue-descriptions/corsWildcardOriginNotAllowed.md ADDED Viewed

@@ -0,0 +1,8 @@
+# Ensure credentialed requests are not sent to CORS resources with origin wildcards
+A cross-origin resource sharing (CORS) request was blocked because it was configured to `include` credentials and the `Access-Control-Allow-Origin` response header of the request or the associated [preflight request](issueCorsPreflightRequest) was set to a wildcard `*`. CORS requests may only include credentials for resources where the `Access-Control-Allow-Origin` header is not a wildcard.
+To fix this issue, ensure that either the request is configured to not include credentials, or change the `Access-Control-Allow-Origin` header of the resource to not be a wildcard.
+Note that if an opaque response is sufficient, the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way CORS headers are not required but credentials are not sent and the response content is inaccessible (opaque).

package/build/src/third_party/issue-descriptions/cspEvalViolation.md ADDED Viewed

@@ -0,0 +1,9 @@
+# Content Security Policy of your site blocks the use of 'eval' in JavaScript`
+The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.
+To solve this issue, avoid using `eval()`, `new Function()`, `setTimeout([string], ...)` and `setInterval([string], ...)` for evaluating strings.
+If you absolutely must: you can enable string evaluation by adding `unsafe-eval` as an allowed source in a `script-src` directive.
+⚠️ Allowing string evaluation comes at the risk of inline script injection.

package/build/src/third_party/issue-descriptions/cspInlineViolation.md ADDED Viewed

@@ -0,0 +1,10 @@
+# Content Security Policy blocks inline execution of scripts and stylesheets
+The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets.
+To solve this, move all inline scripts (e.g. `onclick=[JS code]`) and styles into external files.
+⚠️ Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by:
+* adding `unsafe-inline` as a source to the CSP header
+* adding the hash or nonce of the inline script to your CSP header.

package/build/src/third_party/issue-descriptions/cspTrustedTypesPolicyViolation.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Trusted Type policy creation blocked by Content Security Policy
+Your site tries to create a Trusted Type policy that has not been allowed by the Content Security Policy. The Content Security Policy may restrict the set of valid names for Trusted Type policies, and forbid more than one policy of each name.
+To solve this, make sure that the names of the policies listed below are declared in the `trusted-types` CSP directive. To allow redefining policies add the `allow-duplicates` keyword. If you want to remove all restrictions on policy names, remove the `trusted-types` directive entirely (not recommended).

package/build/src/third_party/issue-descriptions/cspTrustedTypesSinkViolation.md ADDED Viewed

@@ -0,0 +1,8 @@
+# Trusted Type expected, but String received
+Your site tries to use a plain string in a DOM modification where a Trusted Type is expected. Requiring Trusted Types for DOM modifications helps to prevent cross-site scripting attacks.
+To solve this, provide a Trusted Type to all the DOM modifications listed below. You can convert a string into a Trusted Type by:
+* defining a policy and using its corresponding `createHTML`, `createScript` or `createScriptURL` function.
+* defining a policy named `default` which will be automatically called.

package/build/src/third_party/issue-descriptions/cspURLViolation.md ADDED Viewed

@@ -0,0 +1,10 @@
+# Content Security Policy of your site blocks some resources
+Some resources are blocked because their origin is not listed in your site's Content Security Policy (CSP). Your site's CSP is allowlist-based, so resources must be listed in the allowlist in order to be accessed.
+A site's Content Security Policy is set either via an HTTP header (recommended), or via a meta HTML tag.
+To fix this issue do one of the following:
+* (Recommended) If you're using an allowlist for `'script-src'`, consider switching from an allowlist CSP to a strict CSP, because strict CSPs are [more robust against XSS](issuesCSPWhyStrictOverAllowlist). [See how to set a strict CSP](issuesCSPSetStrict).
+* Or carefully check that all of the blocked resources are trustworthy; if they are, include their sources in the CSP of your site. ⚠️Never add a source you don't trust to your site's CSP. If you don't trust the source, consider hosting resources on your own site instead.

package/build/src/third_party/issue-descriptions/deprecation.md ADDED Viewed

@@ -0,0 +1,3 @@
+# {PLACEHOLDER_title}
+{PLACEHOLDER_message}

package/build/src/third_party/issue-descriptions/emailVerificationRequestAccountsEmptyList.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the accounts endpoint returned an empty list of accounts.

package/build/src/third_party/issue-descriptions/emailVerificationRequestAccountsHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the accounts endpoint was not found (HTTP 404).

package/build/src/third_party/issue-descriptions/emailVerificationRequestAccountsInvalidContentType.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the accounts endpoint returned an invalid Content-Type.

package/build/src/third_party/issue-descriptions/emailVerificationRequestAccountsInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the accounts endpoint returned an invalid response.

package/build/src/third_party/issue-descriptions/emailVerificationRequestAccountsNoResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the accounts endpoint did not respond.

package/build/src/third_party/issue-descriptions/emailVerificationRequestDnsFetchFailed.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the DNS fetch failed.

package/build/src/third_party/issue-descriptions/emailVerificationRequestDnsInvalidRecord.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the DNS record is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestEmailVerificationWellKnownHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the email verification well-known file was not found (HTTP 404).

package/build/src/third_party/issue-descriptions/emailVerificationRequestEmailVerificationWellKnownInvalidContentType.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the email verification well-known file returned an invalid Content-Type.

package/build/src/third_party/issue-descriptions/emailVerificationRequestEmailVerificationWellKnownInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the email verification well-known file returned an invalid response.

package/build/src/third_party/issue-descriptions/emailVerificationRequestEmailVerificationWellKnownNoResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the email verification well-known file did not respond.

package/build/src/third_party/issue-descriptions/emailVerificationRequestInvalidEmail.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the email address is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestJwksHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the JWKS endpoint was not found (HTTP 404).

package/build/src/third_party/issue-descriptions/emailVerificationRequestJwksInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the JWKS endpoint returned an invalid response.

package/build/src/third_party/issue-descriptions/emailVerificationRequestKeyBindingSigningFailed.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because key binding signing failed.

package/build/src/third_party/issue-descriptions/emailVerificationRequestRpOriginIsOpaque.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the Relying Party origin is opaque.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the token endpoint was not found (HTTP 404).

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenInvalidContentType.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the token endpoint had an invalid Content-Type.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the token endpoint response was invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenInvalidSdJwt.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the token endpoint returned an invalid SD-JWT.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenMalformedSdJwt.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the token endpoint returned a malformed SD-JWT.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenNoResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because there was no response from the token endpoint.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbInvalidAudience.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding audience claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbInvalidIssuedAt.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding issued at claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbInvalidNonce.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding nonce claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbInvalidSdHash.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding SD hash claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbInvalidTyp.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding type header is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbMissingAud.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding audience claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbMissingCnf.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding confirmation claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbMissingIat.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding issued at claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbMissingNonce.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding nonce claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbMissingSdHash.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding SD hash claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationKbSignatureFailed.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the key binding signature verification failed.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtInvalidEmail.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT email claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtInvalidEmailVerified.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT email verified claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtInvalidHolderKey.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT holder key is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtInvalidIssuedAt.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT issued at claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtInvalidIssuer.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT issuer claim is invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtJwksMissingKeys.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT JWKS is missing keys.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtMissingCnf.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT confirmation claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtMissingEmail.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT email claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtMissingIat.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT issued at claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtMissingIss.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT issuer claim is missing.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtSignatureFailed.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT signature verification failed.

package/build/src/third_party/issue-descriptions/emailVerificationRequestTokenVerificationSdJwtUnsupportedHeaderAlg.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the SD-JWT signature header algorithm is unsupported.

package/build/src/third_party/issue-descriptions/emailVerificationRequestUserLoggedOut.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the user is logged out.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownAccountsEndpointCrossOrigin.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the accounts endpoint in the well-known file is cross-origin.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the well-known file was not found (HTTP 404).

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownInvalidContentType.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the well-known file had an invalid Content-Type.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the well-known file response was invalid.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownIssuanceEndpointCrossOrigin.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the issuance endpoint in the well-known file is cross-origin.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownListEmpty.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the well-known file list was empty.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownMissingAccountsEndpoint.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the well-known file is missing the accounts endpoint.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownMissingIssuanceEndpoint.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the well-known file is missing the issuance endpoint.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownNoResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because there was no response when fetching the well-known file.

package/build/src/third_party/issue-descriptions/emailVerificationRequestWellKnownUnsupportedSigningAlgorithm.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Email verification request failed because the well-known file specifies an unsupported signing algorithm.

package/build/src/third_party/issue-descriptions/federatedAuthRequestAccountsHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The provider's accounts list endpoint cannot be found.

package/build/src/third_party/issue-descriptions/federatedAuthRequestAccountsInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Provider's accounts list is invalid.

package/build/src/third_party/issue-descriptions/federatedAuthRequestAccountsNoResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The response body is empty when fetching the provider's accounts list.

package/build/src/third_party/issue-descriptions/federatedAuthRequestApprovalDeclined.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # User declined the sign-in attempt.

package/build/src/third_party/issue-descriptions/federatedAuthRequestCanceled.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The request has been aborted.

package/build/src/third_party/issue-descriptions/federatedAuthRequestErrorFetchingSignin.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Error attempting to reach the provider's sign-in endpoint.

package/build/src/third_party/issue-descriptions/federatedAuthRequestErrorIdToken.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Error retrieving a token.

package/build/src/third_party/issue-descriptions/federatedAuthRequestIdTokenHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The provider's id token endpoint cannot be found.

package/build/src/third_party/issue-descriptions/federatedAuthRequestIdTokenInvalidRequest.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The token fetching request is invalid.

package/build/src/third_party/issue-descriptions/federatedAuthRequestIdTokenInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Provider's token is invalid.

package/build/src/third_party/issue-descriptions/federatedAuthRequestIdTokenNoResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The response body is empty when fetching the provider's token.

package/build/src/third_party/issue-descriptions/federatedAuthRequestInvalidSigninResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Provider's sign-in response is invalid.

package/build/src/third_party/issue-descriptions/federatedAuthRequestManifestHttpNotFound.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The provider's FedCM manifest configuration cannot be found.

package/build/src/third_party/issue-descriptions/federatedAuthRequestManifestInvalidResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Provider's FedCM manifest configuration is invalid.

package/build/src/third_party/issue-descriptions/federatedAuthRequestManifestNoResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The response body is empty when fetching the provider's FedCM manifest configuration.

package/build/src/third_party/issue-descriptions/federatedAuthRequestTooManyRequests.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Only one navigator.credentials.get request may be outstanding at one time.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestInvalidAccountsResponse.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() failed because of an invalid accounts response.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestInvalidConfigOrWellKnown.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() failed because the config and well-known files were invalid.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestNoAccountSharingPermission.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() failed because the user has not yet used FedCM on this site with the provided IDP.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestNoApiPermission.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() is disabled because FedCM is disabled.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestNoReturningUserFromFetchedAccounts.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() failed because no account received was a returning account.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestNotIframe.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() caller is not an iframe.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestNotPotentiallyTrustworthy.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() failed because the config URL is not potentially trustworthy.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestNotSameOrigin.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() caller is not same origin as the config URL.

package/build/src/third_party/issue-descriptions/federatedAuthUserInfoRequestNotSignedInWithIdp.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # getUserInfo() is disabled because the IDP Sign-In Status is signed-out.

package/build/src/third_party/issue-descriptions/fetchingPartitionedBlobURL.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Fetching Partitioned Blob URL Issue
+This issue occurs when a Blob URL access attempt was blocked because it was made from a cross-partition, same-origin context.
+Make sure the Blob URL was created in the same [storage partition](storagePartitioningExplainer) as the context it is being fetched from.
+If access to unpartitioned Blob URLs is needed, the Storage Access API [can be used](storageAccessAPI).

package/build/src/third_party/issue-descriptions/genericBackUINavigationWouldSkipAd.md ADDED Viewed

@@ -0,0 +1,4 @@
+# Back UI Navigation Will Skip Ad
+An ad-related entry was found in the session history. If the user navigates back
+via the browser UI, this ad entry will be skipped.

package/build/src/third_party/issue-descriptions/genericFormAriaLabelledByToNonExistingIdError.md ADDED Viewed

@@ -0,0 +1,8 @@
+# An aria-labelledby attribute doesn't match any element id
+An `aria-labelledby` attribute doesn't match any element `id`. This might prevent
+the browser from correctly autofilling the form and accessibility tools from
+working correctly.
+To fix this issue, make sure that `aria-labelledby` is a space-separated list of
+element `id`s.

package/build/src/third_party/issue-descriptions/genericFormAutocompleteAttributeEmptyError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Incorrect use of autocomplete attribute
+A form field's `autocomplete` attribute is empty. This might prevent the browser from correctly autofilling the form.
+To fix this issue, provide a valid `autocomplete` value.

package/build/src/third_party/issue-descriptions/genericFormDuplicateIdForInputError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Duplicate form field id in the same form
+Multiple form field elements in the same form have the same `id` attribute value. This might prevent the browser from correctly autofilling the form.
+To fix this issue, use unique `id` attribute values for each form field.

package/build/src/third_party/issue-descriptions/genericFormEmptyIdAndNameAttributesForInputError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# A form field element should have an id or name attribute
+A form field element has neither an `id` nor a `name` attribute. This might prevent the browser from correctly autofilling the form.
+To fix this issue, add a unique `id` or `name` attribute to a form field. This is not strictly needed, but still recommended even if you have an autocomplete attribute on the same element.

package/build/src/third_party/issue-descriptions/genericFormInputAssignedAutocompleteValueToIdOrNameAttributeError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# An element doesn't have an autocomplete attribute
+A form field has an `id` or `name` attribute that the browser's autofill recognizes. However, it doesn't have an `autocomplete` attribute assigned. This might prevent the browser from correctly autofilling the form.
+To fix this issue, provide an `autocomplete` attribute.

package/build/src/third_party/issue-descriptions/genericFormInputHasWrongButWellIntendedAutocompleteValueError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Non-standard `autocomplete` attribute value
+An `autocomplete` attribute of a form field uses a non-standard HTML value. This might prevent the browser from correctly autofilling the form.
+To fix this issue, use a valid `autocomplete` value.

package/build/src/third_party/issue-descriptions/genericFormInputWithNoLabelError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Form field without valid aria-labelledby attribute or associated label
+A form field has neither a valid `aria-labelledby` attribute nor an associated `<label>`. This might prevent the browser from correctly autofilling the form and accessibility tools from working correctly.
+To fix this issue, provide a `<label>` describing the purpose of the form field.

package/build/src/third_party/issue-descriptions/genericFormLabelForMatchesNonExistingIdError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Incorrect use of <label for=FORM_ELEMENT>
+The label's `for` attribute doesn't match any element `id`. This might prevent the browser from correctly autofilling the form and accessibility tools from working correctly.
+To fix this issue, make sure the label's `for` attribute references the correct `id` of a form field.

package/build/src/third_party/issue-descriptions/genericFormLabelForNameError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Incorrect use of <label for=FORM_ELEMENT>
+The label's `for` attribute refers to a form field by its `name`, not its `id`. This might prevent the browser from correctly autofilling the form and accessibility tools from working correctly.
+To fix this issue, refer to form fields by their `id` attribute.

package/build/src/third_party/issue-descriptions/genericFormLabelHasNeitherForNorNestedInputError.md ADDED Viewed

@@ -0,0 +1,5 @@
+# No label associated with a form field
+A `<label>` isn't associated with a form field.
+To fix this issue, nest the `<input>` in the `<label>` or provide a `for` attribute on the `<label>` that matches a form field `id`.

package/build/src/third_party/issue-descriptions/genericFormModelContextMissingToolDescription.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Missing tool description for a WebMCP declarative tool definition
+This form is intended to be used as a WebMCP declarative tool definition, but it lacks a description explaining what the tool does. Descriptions are critical for AI models to decide when to use a given tool.
+To fix this issue, provide a tool description via the `tooldescription` attribute.

package/build/src/third_party/issue-descriptions/genericFormModelContextMissingToolName.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Missing tool name for a WebMCP declarative tool definition
+This form is intended to be used as a WebMCP declarative tool definition, but it does not specify a name. A tool name is required for an AI model to correctly identify and invoke the tool.
+To fix this issue, provide a tool name via the `toolname` attribute.

package/build/src/third_party/issue-descriptions/genericFormModelContextParameterMissingName.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Parameter missing name for a WebMCP declarative tool definition
+An input element within this form lacks a `name` attribute. Without a name, the AI model cannot format the parameter payload correctly when invoking the tool.
+To fix this issue, ensure form parameters have a `name` attribute.

package/build/src/third_party/issue-descriptions/genericFormModelContextParameterMissingTitleAndDescription.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Missing parameter title and description for a WebMCP declarative tool definition
+A parameter within this form (such as an `<input>` field) is missing both a title and a description. An AI model needs this metadata to understand what information should be passed to this parameter when invoking the tool.
+To fix this issue, add a title and description to the form parameter.

package/build/src/third_party/issue-descriptions/genericFormModelContextRequiredParameterMissingName.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Required parameter missing name for a WebMCP declarative tool definition
+A required input element within this form lacks a `name` attribute. Without a name, the AI model cannot format the parameter payload correctly when invoking the tool.
+To fix this issue, ensure all required form parameters have a `name` attribute.