npm - @gabrielbryk/arc-devtools-mcp - Versions diffs - 1.3.0 - Mend

@gabrielbryk/arc-devtools-mcp 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (367) hide show

package/build/src/third_party/issue-descriptions/genericNavigationEntryMarkedSkippable.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Session History Item Has Been Marked Skippable
+A session history item was added by this document without any interaction from the
+user. As a result, this document's history items will be skipped if the user goes
+back or forward via the browser's UI (e.g., back/forward buttons), to prevent pages
+from trapping a user. If the user interacts with the page, the history items
+will no longer be skipped.

package/build/src/third_party/issue-descriptions/genericResponseWasBlockedByORB.md ADDED Viewed

@@ -0,0 +1,4 @@
+# Response was blocked by CORB (Cross-Origin Read Blocking)
+Cross-Origin Read Blocking (CORB) blocked a cross-origin response.

package/build/src/third_party/issue-descriptions/heavyAd.md ADDED Viewed

@@ -0,0 +1,10 @@
+# An ad on your site has exceeded resource limits
+Chrome identifies heavy ads on your site that use too many resources without a user gesture. Heavy ads have an impact on performance and harm the user’s browsing experience. They increase battery drain, consume mobile data, and make your site slow. To improve the user experience, Chrome warns about or removes heavy ads.
+An ad is considered heavy if the user has not interacted with it (for example, has not tapped or clicked it) and it meets any of the following criteria:
+* Uses the main thread for more than 60 seconds in total (CPU total limit)
+* Uses the main thread for more than 15 seconds in any 30 second window (CPU peak limit)
+* Uses more than 4 megabytes of network bandwidth (Network limit)
+Stop this from happening by only showing ads that stay within resource limits.

package/build/src/third_party/issue-descriptions/mixedContent.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Mixed content: load all resources via HTTPS to improve the security of your site
+Even though the initial HTML page is loaded over a secure HTTPS connection, some resources like images, stylesheets or scripts are being accessed over an insecure HTTP connection. Usage of insecure resources is restricted to strengthen the security of your entire site.
+To resolve this issue, load all resources over a secure HTTPS connection.

package/build/src/third_party/issue-descriptions/navigatingPartitionedBlobURL.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Navigating Partitioned Blob URL Issue
+This issue occurs when 'noopener' was enforced during navigation to a cross-partition, same-origin Blob URL. The navigation won't be blocked due to it being cross-partition, but APIs like window.open won't return a WindowProxy for the new window in this case.
+If your application requires a WindowProxy object to be returned by navigating to the Blob URL, make sure the Blob URL has the same top-level site as the context it is navigated fetched from.

package/build/src/third_party/issue-descriptions/permissionElementActivationDisabled.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Activation disabled
+The "{PLACEHOLDER_Type}" element could not be activated for the following reason: {PLACEHOLDER_DisableReason}.
+To resolve this issue, ensure that the element follows all styling restrictions and is fully visible to the user.
+You can use the command line flag `--runtime-enabled-features=BypassPepcSecurityForTesting` to bypass this behavior for testing purposes.

package/build/src/third_party/issue-descriptions/permissionElementActivationDisabledWithOccluder.md ADDED Viewed

@@ -0,0 +1,9 @@
+# Activation disabled
+The "{PLACEHOLDER_Type}" element could not be activated for the following reason: {PLACEHOLDER_DisableReason}.
+The element is occluded by: "{PLACEHOLDER_OccluderInfo}"
+To resolve this issue, ensure that the element follows all styling restrictions and is fully visible to the user.
+You can use the command line flag `--runtime-enabled-features=BypassPepcSecurityForTesting` to bypass this behavior for testing purposes.

package/build/src/third_party/issue-descriptions/permissionElementActivationDisabledWithOccluderParent.md ADDED Viewed

@@ -0,0 +1,9 @@
+# Activation disabled
+The "{PLACEHOLDER_Type}" element could not be activated for the following reason: {PLACEHOLDER_DisableReason}.
+The element is occluded by: "{PLACEHOLDER_OccluderInfo}" (parent element: "{PLACEHOLDER_OccluderParentInfo}")
+To resolve this issue, ensure that the element follows all styling restrictions and is fully visible to the user.
+You can use the command line flag `--runtime-enabled-features=BypassPepcSecurityForTesting` to bypass this behavior for testing purposes.

package/build/src/third_party/issue-descriptions/permissionElementCspFrameAncestorsMissing.md ADDED Viewed

@@ -0,0 +1,5 @@
+# CSP `frame-ancestors` missing
+The "{PLACEHOLDER_Type}" element is used in a cross-origin iframe, but the required `frame-ancestors` Content Security Policy directive is missing.
+To resolve this issue, add a `frame-ancestors` Content Security Policy directive to the iframe.

package/build/src/third_party/issue-descriptions/permissionElementFencedFrameDisallowed.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Fenced frame disallowed
+The "{PLACEHOLDER_Type}" element is not allowed in a fenced frame.
+To resolve this issue, ensure the element is not used in a fenced frame.

package/build/src/third_party/issue-descriptions/permissionElementFontSizeTooLarge.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Font size too large
+The "{PLACEHOLDER_Type}" element's font size is too large.
+To resolve this issue, ensure that the element's font is at most 'xx-large'.

package/build/src/third_party/issue-descriptions/permissionElementFontSizeTooSmall.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Font size too small
+The "{PLACEHOLDER_Type}" element's font size is too small.
+To resolve this issue, ensure that the element's font is at least 'small'.

package/build/src/third_party/issue-descriptions/permissionElementGeolocationDeprecated.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Geolocation deprecated
+Using `<permission type="geolocation">` is deprecated.
+To resolve this issue, use the `<geolocation>` element instead.

package/build/src/third_party/issue-descriptions/permissionElementInsetBoxShadowUnsupported.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Unsupported inset box shadow
+The "{PLACEHOLDER_Type}" element does not support `inset` box shadows.
+To resolve this issue, remove the `inset` keyword from the relevant stylesheet.

package/build/src/third_party/issue-descriptions/permissionElementInvalidDisplayStyle.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Invalid display style
+The "{PLACEHOLDER_Type}" element has an invalid display style. Values that result in an unsupported layout are not allowed.
+To resolve this issue, consider using 'inline-block', 'block', or 'flex' instead.

package/build/src/third_party/issue-descriptions/permissionElementInvalidSizeValue.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Invalid size value
+Content, intrinsic, or stretch sizes are not supported as values for the min/max width and height of the "{PLACEHOLDER_Type}" element.
+To resolve this issue, use absolute or relative lengths for the element's width and height.

package/build/src/third_party/issue-descriptions/permissionElementInvalidType.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Invalid type attribute
+The "{PLACEHOLDER_Type}" type is not supported.
+To resolve this issue, ensure the element's type is one of the supported values: "camera", "microphone", "geolocation", "camera microphone".

package/build/src/third_party/issue-descriptions/permissionElementInvalidTypeActivation.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Invalid type activation
+An element with the "{PLACEHOLDER_Type}" type was attempted to be activated. However this type is not supported.
+To resolve this issue, ensure the element's type is one of the supported values: "camera", "microphone", "geolocation", "camera microphone".

package/build/src/third_party/issue-descriptions/permissionElementLowContrast.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Low contrast
+The contrast between the text color and background color of the "{PLACEHOLDER_Type}" element is too low.
+To resolve this issue, ensure that your text/background colors have more contrast between them.

package/build/src/third_party/issue-descriptions/permissionElementNonOpaqueColor.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Non-opaque color
+The text color or background color of the "{PLACEHOLDER_Type}" element is non-opaque.
+To resolve this issue, ensure the element's text and background colors have their alpha channel value at 100%.

package/build/src/third_party/issue-descriptions/permissionElementPaddingBottomUnsupported.md ADDED Viewed

@@ -0,0 +1,6 @@
+# Unsupported bottom padding
+The "{PLACEHOLDER_Type}" element does not support `padding-bottom`.
+`padding-bottom` is always set to be identical to `padding-top`.
+To resolve this issue, ensure the element's `padding-bottom` is unset or identical to `padding-top`.

package/build/src/third_party/issue-descriptions/permissionElementPaddingRightUnsupported.md ADDED Viewed

@@ -0,0 +1,6 @@
+# Unsupported right padding
+The "{PLACEHOLDER_Type}" element does not support `padding-right`.
+`padding-right` is always set to be identical to `padding-left`.
+To resolve this issue, ensure the element's `padding-right` is unset or identical to `padding-left`.

package/build/src/third_party/issue-descriptions/permissionElementPermissionsPolicyBlocked.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Permissions policy blocked
+The "{PLACEHOLDER_Type}" element is blocked by the "{PLACEHOLDER_PermissionName}" permission policy.
+To resolve this issue, ensure the frame which contains the element is loaded with the appropriate permission policy by its embedder.

package/build/src/third_party/issue-descriptions/permissionElementRegistrationFailed.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Quota exceeded
+The "{PLACEHOLDER_Type}" element has surpassed the maximum instances quota per page.
+To resolve this issue, ensure that you have no more than 3 elements of the same type per page.

package/build/src/third_party/issue-descriptions/permissionElementRequestInProgress.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Request in progress
+A permission request on the "{PLACEHOLDER_Type}" element was prevented because a previous request is still in progress.
+To resolve this issue, ensure that the site does not allow users to interact with the element behind the current content scrim (for example by moving the element to a document in a new window, which is not covered by the scrim).

package/build/src/third_party/issue-descriptions/permissionElementSecurityChecksFailed.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Activation disabled (quota)
+The "{PLACEHOLDER_Type}" element could not be activated because the page's quota has been exceeded.
+To resolve this issue, ensure that you have no more than 3 elements of the same type per page.

package/build/src/third_party/issue-descriptions/permissionElementTypeNotSupported.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Permission not supported
+The permission type "{PLACEHOLDER_Type}" is not supported by this browser and therefore the element will not be functional.
+To resolve this issue, ensure the element's type is one of the supported values: "camera", "microphone", "geolocation", "camera microphone".

package/build/src/third_party/issue-descriptions/permissionElementUntrustedEvent.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Untrusted event
+The "{PLACEHOLDER_Type}" element can only be activated by actual user clicks, not simulated ones.
+To resolve this issue, do not use frameworks which simulate click events, (e.g. via `click()`) and do not prevent the `DOMActivate` event.
+You can use the command line flag `--runtime-enabled-features=BypassPepcSecurityForTesting` to bypass this behavior for testing purposes.

package/build/src/third_party/issue-descriptions/placeholderDescriptionForInvisibleIssues.md ADDED Viewed

@@ -0,0 +1,3 @@
+# This is a placeholder issue description
+This description is used for issues that are not intended to be shown to the user. This means there is no need for a useful description.

package/build/src/third_party/issue-descriptions/propertyRuleInvalidNameIssue.md ADDED Viewed

@@ -0,0 +1,3 @@
+# An @property rule was ignored
+An @property rule is ignored because the property name is invalid.

package/build/src/third_party/issue-descriptions/propertyRuleIssue.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Ignored @property rule
+An @property rule is ignored because it contains an invalid property or is missing a required one:
+```
+{PLACEHOLDER_property}
+```

package/build/src/third_party/issue-descriptions/selectElementAccessibilityDisallowedOptGroupChild.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Invalid element or text node within <optgroup>
+An element which is not allowed in the content model of the `<optgroup>` element was found within an `<optgroup>` element. These elements will not consistently be accessible to people navigating by keyboard or using assistive technology.
+If using disallowed elements for layout structure and styling, consider using the allowed `<div>` element instead.
+Any text existing within the `<optgroup>` element should either be removed or relocated to a valid element that allows text descendants, e.g., the `<legend>` or `<option>` elements.

package/build/src/third_party/issue-descriptions/selectElementAccessibilityDisallowedSelectChild.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Invalid element or text node within <select>
+An element which is not allowed in the content model of the `<select>` element was found within a `<select>` element. These elements will not consistently be accessible to people navigating by keyboard or using assistive technology.
+If using disallowed elements for layout structure and styling, consider using the allowed `<div>` element instead.
+Any text existing within the `<select>` element should either be removed or relocated to a valid element that allows text descendants, e.g., an `<optgroup>` with a `<legend>` element or `<option>` elements.

package/build/src/third_party/issue-descriptions/selectElementAccessibilityInteractiveContentAttributesSelectDescendant.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Element with invalid attributes within a <select> element
+An element with `contenteditable` or `tabindex` attributes is not an allowed child of a `<select>` element. It will not consistently be accessible to people navigating by keyboard or using assistive technology.

package/build/src/third_party/issue-descriptions/selectElementAccessibilityInteractiveContentLegendChild.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Interactive element inside of a <legend> element
+An interactive element which is not allowed in the content model of the `<legend>` element was found within a `<legend>` element. Interactive elements are not allowed children of a `<legend>` element when used within an `<optgroup>` element. These elements will not consistently be accessible to people navigating by keyboard or using assistive technology.

package/build/src/third_party/issue-descriptions/selectElementAccessibilityInteractiveContentOptionChild.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Interactive element inside of an <option> element
+An interactive element which is not allowed in the content model of the `<option>` element was found within an `<option>` element. These elements will not consistently be accessible to people navigating by keyboard or using assistive technology.

package/build/src/third_party/issue-descriptions/selectElementAccessibilityNonPhrasingContentOptionChild.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Non-phrasing content used within an <option> element
+The `<option>` element allows only non-interactive phrasing content, text, and `<div>` elements as its children. The semantics of non-phrasing content elements do not make sense as children of an `<option>`, and such semantics will largely be ignored by assistive technology since they are inappropriate in this context. Consider removing or changing such elements to one of the allowed phrasing content elements.

package/build/src/third_party/issue-descriptions/selectivePermissionsIntervention.md ADDED Viewed

@@ -0,0 +1,7 @@
+# Selective Permissions Intervention
+The Selective Permissions Intervention blocks calls to privacy-sensitive APIs when they are called from ad scripts in order to align the permission grant with the user's intent. The particular API that was blocked, the call-stack that triggered the intervention, and why the script that called the API is considered ad-related is shown below.
+Note that Chrome considers any script with a URL that matches a rule in the [filterlist](ChromeFilterlistRepository) as ad script, and the matching rule is shown in the Ad Ancestry section. In addition, any script loaded while an ad script is in the JavaScript stack will also be considered an ad script by Chrome and is also shown in Ad Ancestry.
+If you believe this intervention  was in error (e.g., this call would occur even when loading the page with an ad blocker enabled), then please [file a bug](SelectivePermissionsInterventionIssue).

package/build/src/third_party/issue-descriptions/sharedArrayBuffer.md ADDED Viewed

@@ -0,0 +1,7 @@
+# SharedArrayBuffer usage is restricted to cross-origin isolated sites
+SharedArrayBuffers (SABs) can be used to construct high-resolution timers. High-resolution timers simplify Spectre attacks on cross-origin resources.
+To mitigate security risks across browsers, SharedArrayBuffers are gated behind cross-origin isolated contexts starting with Chrome 92 (July 2021). To continue using SharedArrayBuffers, please ensure that this page opts-into cross-origin isolation by setting Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy appropriately.
+Note that for each iframe, only the first issue is reported for performance reasons.

package/build/src/third_party/issue-descriptions/sharedDictionaryUseErrorCrossOriginNoCorsRequest.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Found a matching dictionary, but the dictionary can't be used for the cross origin no-cors request

package/build/src/third_party/issue-descriptions/sharedDictionaryUseErrorDictionaryLoadFailure.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Failed to load the matching dictionary
+A matching dictionary was found but it failed to load.

package/build/src/third_party/issue-descriptions/sharedDictionaryUseErrorMatchingDictionaryNotUsed.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Found a matching dictionary, but the dictionary is not used for the response
+Consider revisiting the `match` pattern or `match-dest` of the dictionary.

package/build/src/third_party/issue-descriptions/sharedDictionaryUseErrorUnexpectedContentDictionaryHeader.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Can't decode the response because the header of dictionary compressed stream was not set correctly

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorCossOriginNoCorsRequest.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Can't register the cross origin response fetched by a no-cors request as as a dictionary

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorDisallowedBySettings.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Compression Dictionary is disabled by settings

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorExpiredResponse.md ADDED Viewed

@@ -0,0 +1,3 @@
+# The response can't be used as a dictionary because its freshness is expired
+Check `Cache-Control` and `Expires` headers.

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorFeatureDisabled.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Compression Dictionary Transport feature is disabled
+Please enable chrome://flags/#enable-compression-dictionary-transport

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorInsufficientResources.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Failed to write the dictionary due to insufficient resources

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorInvalidMatchField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Unable to parse the `match` field of the `Use-As-Dictionary` HTTP response header

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorInvalidStructuredHeader.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # `Use-As-Dictionary` HTTP response header is not a valid Structured Field value

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorInvalidTTLField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The `ttl` field of the `Use-As-Dictionary` HTTP response header must be a positive integer

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNavigationRequest.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Can't register the response of the navigation request as a dictionary
+Navigation responses are not usable as compression dictionaries.

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNoMatchField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # There is no `match` field in the `Use-As-Dictionary` HTTP response header

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNonIntegerTTLField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The `ttl` field of the `Use-As-Dictionary` HTTP response header must be an integer

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNonListMatchDestField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The `match-dest` field of the `Use-As-Dictionary` HTTP response header must be a list

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNonSecureContext.md ADDED Viewed

@@ -0,0 +1,3 @@
+# Unable to register a dictionary in a non-Secure Context
+Compression dictionaries are only available over HTTPS.

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNonStringIdField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The `id` field of the `Use-As-Dictionary` HTTP response header must be a string

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNonStringInMatchDestList.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Items in the `match-dest` field of the `Use-As-Dictionary` HTTP response header must be strings

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNonStringMatchField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The `match` field of the `Use-As-Dictionary` HTTP response header must be a string

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorNonTokenTypeField.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # The `type` field of the `Use-As-Dictionary` HTTP response header must be a token

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorRequestAborted.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # An error occurred while writing the dictionary

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorShuttingDown.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ # Failed to write the dictionary due to shutdown

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorTooLongIdField.md ADDED Viewed

@@ -0,0 +1,3 @@
+# The `id` field of the `Use-As-Dictionary` HTTP response header is too long
+The `id` field must not be longer than 1024 characters.

package/build/src/third_party/issue-descriptions/sharedDictionaryWriteErrorUnsupportedType.md ADDED Viewed

@@ -0,0 +1,3 @@
+# The `type` field of the `Use-As-Dictionary` HTTP response header must be `raw`
+Only `raw` dictionaries are currently supported.

package/build/src/third_party/issue-descriptions/sriInvalidSignatureHeader.md ADDED Viewed

@@ -0,0 +1,14 @@
+# A `signature` header is not formatted as a Structured Field Dictionary.
+Responses' [`signature`](signatureHeader) header should be formatted as a
+[Dictionary](sfDictionary) containing one or more signatures. Each member's key
+is a label for the signature which maps it to the relevant metadata defined in
+a [`signature-input`](signatureInputHeader) header. Each member's value is a
+[Byte Sequence](sfByteSequence) containing the signature itself.
+For example, the following header contains a single Ed25519 signature labeled
+"label":
+```
+Signature: label=:gHim9e5Pk2H7c9BStOmxSmkyc8+ioZgoxynu3d4INAT4dwfj5LhvaV9DFnEQ9p7C0hzW4o4Qpkm5aApd6WLLCw==:
+```

package/build/src/third_party/issue-descriptions/sriInvalidSignatureInputHeader.md ADDED Viewed

@@ -0,0 +1,15 @@
+# A `signature-input` header is not formatted as a Structured Field Dictionary.
+Responses' [`signature-input`](signatureInputHeader) header should be formatted
+as a [Dictionary](sfDictionary) containing metadata regarding one or more
+signatures. Each member's key is a label for the metadata which maps it to the
+relevant signature defined in a [`signature`](signatureHeader) header. Each
+member's value is an [Inner List](sfInnerList) containing a set of components
+over which a signature is generated. The list may have one or more parameters.
+For example, the following header contains metadata for a signature labeled
+"label":
+```
+Signature-Input: signature=("unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
+```

package/build/src/third_party/issue-descriptions/sriMissingSignatureHeader.md ADDED Viewed

@@ -0,0 +1,8 @@
+# A `signature-input` header was specified without an accompanying `signature` header.
+[`signature-input`](signatureInputHeader) headers specify metadata that allows
+verification of signatures delivered with a response. If no
+[`signature`](signatureHeader) header is present, the
+[`signature-input`](signatureInputHeader) header can be omitted, as it serves no
+useful purpose in the absence of signatures. Both headers must be present for
+verification to proceed.

package/build/src/third_party/issue-descriptions/sriMissingSignatureInputHeader.md ADDED Viewed

@@ -0,0 +1,7 @@
+# A `signature` header was specified without an accompanying `signature-input` header.
+[`signature`](signatureHeader) headers specify signatures which can be verified
+against a given response. Verification cannot proceed, however, in the absence of a
+[`signature-input`](signatureInputHeader) header which defines relevant metadata
+which allows servers and clients to agree on the exact message which is being
+signed. Both headers must be present for verification to proceed.

package/build/src/third_party/issue-descriptions/sriSignatureHeaderValueIsIncorrectLength.md ADDED Viewed

@@ -0,0 +1,11 @@
+# A `signature` header contains a signature which cannot be verified.
+This browser can only verify Ed25519 signatures, which are 512 bits long. The
+signature delivered with this response does not match that length.
+For example, the following header contains a valid Ed25519 signature labeled
+"label":
+```
+Signature: label=:gHim9e5Pk2H7c9BStOmxSmkyc8+ioZgoxynu3d4INAT4dwfj5LhvaV9DFnEQ9p7C0hzW4o4Qpkm5aApd6WLLCw==:
+```

package/build/src/third_party/issue-descriptions/sriSignatureHeaderValueIsNotByteSequence.md ADDED Viewed

@@ -0,0 +1,14 @@
+# A `signature` header member's value is not a Byte Sequence.
+Responses' [`signature`](signatureHeader) header should be formatted as a
+[Dictionary](sfDictionary) containing one or more signatures. Each member's key
+is a label for the signature which maps it to the relevant metadata defined in
+a [`signature-input`](signatureInputHeader) header. Each member's value is a
+[Byte Sequence](sfByteSequence) containing the signature itself.
+For example, the following header contains a single Ed25519 signature labeled
+"label":
+```
+Signature: label=:gHim9e5Pk2H7c9BStOmxSmkyc8+ioZgoxynu3d4INAT4dwfj5LhvaV9DFnEQ9p7C0hzW4o4Qpkm5aApd6WLLCw==:
+```

package/build/src/third_party/issue-descriptions/sriSignatureHeaderValueIsParameterized.md ADDED Viewed

@@ -0,0 +1,15 @@
+# A `signature` header member's value is parameterized.
+Responses' [`signature`](signatureHeader) header should be formatted as a
+[Dictionary](sfDictionary) containing one or more signatures. Each member's key
+is a label for the signature which maps it to the relevant metadata defined in a
+[`signature-input`](signatureInputHeader) header. Each member's value is a
+[Byte Sequence](sfByteSequence) containing the signature itself, with no
+additional parameters specified.
+For example, the following header contains a single Ed25519 signature labeled
+"label":
+```
+Signature: label=:gHim9e5Pk2H7c9BStOmxSmkyc8+ioZgoxynu3d4INAT4dwfj5LhvaV9DFnEQ9p7C0hzW4o4Qpkm5aApd6WLLCw==:
+```

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderInvalidComponentName.md ADDED Viewed

@@ -0,0 +1,8 @@
+# A `signature-input` header member's value contains an unknown component.
+The metadata delivered via [`signature-input`](signatureInputHeader) can only
+contain a limited set of components in the list it specifies. The known
+components are:
+* "`unencoded-digest`"
+* "`@path`"

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderInvalidComponentType.md ADDED Viewed

@@ -0,0 +1,13 @@
+# A `signature-input` header's component is not a string.
+Responses' [`signature-input`](signatureInputHeader) header's members' values
+are [Inner Lists](sfInnerList) whose contents are each strings. Perhaps you
+forgot double-quotes around a component?
+```
+// Correct:
+Signature-Input: signature=("unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
+// Incorrect:
+Signature-Input: signature=(unencoded-digest;sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
+```

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderInvalidDerivedComponentParameter.md ADDED Viewed

@@ -0,0 +1,4 @@
+# Invalid parameter on a derived component in a `signature-input` header.
+Derived components must be specified as deriving from the request, using the
+[`req` parameter](componentParameterReq). No other parameter may be specified.

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderInvalidHeaderComponentParameter.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Invalid parameter on a header component in a `signature-input` header.
+The header [`unencoded-digest`](unencodedDigestHeader) must be specified as
+being strictly serialized in the signature base, using the
+[`sf` parameter](componentParameterSf). No other parameter may be specified.

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderInvalidParameter.md ADDED Viewed

@@ -0,0 +1,11 @@
+# Invalid parameter on the list of components in a `signature-input` header.
+The `signature-input` header's [Inner Lists](sfInnerList) must be specified with the
+[`keyid` and `type` parameters](signatureParameters). The following parameters may
+also be specified:
+* `created`
+* `expires`
+* `nonce`
+No other parameter may be specified.

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderKeyIdLength.md ADDED Viewed

@@ -0,0 +1,12 @@
+# Invalid `keyid` value in a `signature-input` header.
+The key specified in a [`signature-input`](signatureInputHeader) header's
+[`keyid` parameter](signatureParameters) is not a base64-encoded
+256 bit sequence, and therefore cannot be decoded as an Ed25519 public key.
+Note that the `keyid` parameter's value is a string, not a
+[Byte Sequence](sfByteSequence). For example:
+```
+Signature-Input: signature=("unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
+```

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderMissingLabel.md ADDED Viewed

@@ -0,0 +1,6 @@
+# Label mismatch between `signature` and `signature-input` headers.
+A [`signature`](signatureHeader) header specifies a signature whose label does
+not appear in a corresponding [`signature-input`](signatureInputHeader) header.
+Without a `signature-input` header's definition of the signature's metadata,
+the signature cannot be verified.

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderMissingRequiredParameters.md ADDED Viewed

@@ -0,0 +1,8 @@
+# Missing a required parameter on the list of components in a `signature-input` header.
+The [`signature-input`][signatureInputHeader] header's [Inner Lists](sfInnerList)
+must be specified with both the [`keyid` and `type` parameters](signatureParameters).
+```
+Signature-Input: signature=("unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
+```

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderValueMissingComponents.md ADDED Viewed

@@ -0,0 +1,11 @@
+# Missing a required component in a `signature-input` header.
+The [`signature-input`](signatureInputHeader) header's
+[Inner Lists](sfInnerList) must contain the string "`unencoded-digest`" with an
+`sf` parameter:
+For example:
+```
+Signature-Input: signature=("unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
+```

package/build/src/third_party/issue-descriptions/sriSignatureInputHeaderValueNotInnerList.md ADDED Viewed

@@ -0,0 +1,11 @@
+# A `signature-input` header has a member whose value is not an Inner List.
+The value of each member of a [`signature-input`](signatureInputHeader) header's
+[Dictionary][sfDictionary] must be an [Inner List](sfInnerList) containing the
+set of components over which a signature is generated.
+For example:
+```
+Signature-Input: signature=("unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
+```