npm - @mcp-b/chrome-devtools-mcp - Versions diffs - 2.2.0 → 2.3.0 - Mend

@mcp-b/chrome-devtools-mcp 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

package/build/src/third_party/issue-descriptions/SameSiteExcludeContextDowngradeRead.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Migrate entirely to HTTPS to have cookies sent to same-site subresources
-A cookie was not sent to {PLACEHOLDER_destination} origin from {PLACEHOLDER_origin} context.
-Because this cookie would have been sent across schemes on the same site, it was not sent.
-This behavior enhances the `SameSite` attribute’s protection of user data from request forgery by network attackers.
-Resolve this issue by migrating your site (as defined by the eTLD+1) entirely to HTTPS.
-It is also recommended to mark the cookie with the `Secure` attribute if that is not already the case.

package/build/src/third_party/issue-descriptions/SameSiteExcludeContextDowngradeSet.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Migrate entirely to HTTPS to allow cookies to be set by same-site subresources
-A cookie was not set by {PLACEHOLDER_origin} origin in {PLACEHOLDER_destination} context.
-Because this cookie would have been set across schemes on the same site, it was blocked.
-This behavior enhances the `SameSite` attribute’s protection of user data from request forgery by network attackers.
-Resolve this issue by migrating your site (as defined by the eTLD+1) entirely to HTTPS.
-It is also recommended to mark the cookie with the `Secure` attribute if that is not already the case.

package/build/src/third_party/issue-descriptions/SameSiteExcludeNavigationContextDowngrade.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Migrate entirely to HTTPS to have cookies sent on same-site requests
-A cookie was not sent to {PLACEHOLDER_destination} origin from {PLACEHOLDER_origin} context on a navigation.
-Because this cookie would have been sent across schemes on the same site, it was not sent.
-This behavior enhances the `SameSite` attribute’s protection of user data from request forgery by network attackers.
-Resolve this issue by migrating your site (as defined by the eTLD+1) entirely to HTTPS.
-It is also recommended to mark the cookie with the `Secure` attribute if that is not already the case.

package/build/src/third_party/issue-descriptions/SameSiteNoneInsecureErrorRead.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Mark cross-site cookies as Secure to allow them to be sent in cross-site requests
-Cookies marked with `SameSite=None` must also be marked with `Secure` to get sent in cross-site requests.
-This behavior protects user data from being sent over an insecure connection.
-Resolve this issue by updating the attributes of the cookie:
-* Specify `SameSite=None` and `Secure` if the cookie should be sent in cross-site requests. This enables third-party use.
-* Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be sent in cross-site requests.

package/build/src/third_party/issue-descriptions/SameSiteNoneInsecureErrorSet.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Mark cross-site cookies as Secure to allow setting them in cross-site contexts
-Cookies marked with `SameSite=None` must also be marked with `Secure` to allow setting them in a cross-site context.
-This behavior protects user data from being sent over an insecure connection.
-Resolve this issue by updating the attributes of the cookie:
-* Specify `SameSite=None` and `Secure` if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the `Secure` attribute.
-* Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be set by cross-site requests.

package/build/src/third_party/issue-descriptions/SameSiteNoneInsecureWarnRead.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Mark cross-site cookies as Secure to allow them to be sent in cross-site requests
-In a future version of the browser, cookies marked with `SameSite=None` must also be marked with `Secure` to get sent in cross-site requests.
-This behavior protects user data from being sent over an insecure connection.
-Resolve this issue by updating the attributes of the cookie:
-* Specify `SameSite=None` and `Secure` if the cookie should be sent in cross-site requests. This enables third-party use.
-* Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be sent in cross-site requests.

package/build/src/third_party/issue-descriptions/SameSiteNoneInsecureWarnSet.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Mark cross-site cookies as Secure to allow setting them in cross-site contexts
-In a future version of the browser, cookies marked with `SameSite=None` must also be marked with `Secure` to allow setting them in a cross-site context.
-This behavior protects user data from being sent over an insecure connection.
-Resolve this issue by updating the attributes of the cookie:
-* Specify `SameSite=None` and `Secure` if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the `Secure` attribute.
-* Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be set by cross-site requests.

package/build/src/third_party/issue-descriptions/SameSiteUnspecifiedLaxAllowUnsafeRead.md DELETED Viewed

@@ -1,9 +0,0 @@
-# Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
-Because a cookie’s `SameSite` attribute was not set or is invalid, it defaults to `SameSite=Lax`,
-which will prevent the cookie from being sent in a cross-site request in a future version of the browser.
-This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
-Resolve this issue by updating the attributes of the cookie:
-* Specify `SameSite=None` and `Secure` if the cookie should be sent in cross-site requests. This enables third-party use.
-* Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be sent in cross-site requests.

package/build/src/third_party/issue-descriptions/SameSiteUnspecifiedLaxAllowUnsafeSet.md DELETED Viewed

@@ -1,9 +0,0 @@
-# Indicate whether a cookie is intended to be set in cross-site context by specifying its SameSite attribute
-Because a cookie’s `SameSite` attribute was not set or is invalid, it defaults to `SameSite=Lax`,
-which will prevents the cookie from being set in a cross-site context in a future version of the browser.
-This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
-Resolve this issue by updating the attributes of the cookie:
-* Specify `SameSite=None` and `Secure` if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the `Secure` attribute.
-* Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be set by cross-site requests.

package/build/src/third_party/issue-descriptions/SameSiteWarnCrossDowngradeRead.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Migrate entirely to HTTPS to continue having cookies sent to same-site subresources
-A cookie is being sent to {PLACEHOLDER_destination} origin from {PLACEHOLDER_origin} context.
-Because this cookie is being sent across schemes on the same site, it will not be sent in a future version of Chrome.
-This behavior enhances the `SameSite` attribute’s protection of user data from request forgery by network attackers.
-Resolve this issue by migrating your site (as defined by the eTLD+1) entirely to HTTPS.
-It is also recommended to mark the cookie with the `Secure` attribute if that is not already the case.

package/build/src/third_party/issue-descriptions/SameSiteWarnCrossDowngradeSet.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Migrate entirely to HTTPS to continue allowing cookies to be set by same-site subresources
-A cookie is being set by {PLACEHOLDER_origin} origin in {PLACEHOLDER_destination} context.
-Because this cookie is being set across schemes on the same site, it will be blocked in a future version of Chrome.
-This behavior enhances the `SameSite` attribute’s protection of user data from request forgery by network attackers.
-Resolve this issue by migrating your site (as defined by the eTLD+1) entirely to HTTPS.
-It is also recommended to mark the cookie with the `Secure` attribute if that is not already the case.

package/build/src/third_party/issue-descriptions/SameSiteWarnStrictLaxDowngradeStrict.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Migrate entirely to HTTPS to continue having cookies sent on same-site requests
-A cookie is being sent to {PLACEHOLDER_destination} origin from {PLACEHOLDER_origin} context on a navigation.
-Because this cookie is being sent across schemes on the same site, it will not be sent in a future version of Chrome.
-This behavior enhances the `SameSite` attribute’s protection of user data from request forgery by network attackers.
-Resolve this issue by migrating your site (as defined by the eTLD+1) entirely to HTTPS.
-It is also recommended to mark the cookie with the `Secure` attribute if that is not already the case.

package/build/src/third_party/issue-descriptions/arInsecureContext.md DELETED Viewed

@@ -1,7 +0,0 @@
-# Ensure that the attribution registration context is secure
-This page tried to register a source or trigger using the Attribution Reporting
-API but failed because the page that initiated the registration was not secure.
-The registration context must use HTTPS unless it is `localhost` or
-`127.0.0.1`.

package/build/src/third_party/issue-descriptions/arInvalidInfoHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure that the `Attribution-Reporting-Info` header is valid
-This page tried to register a source or trigger using the Attribution Reporting
-API but failed because an `Attribution-Reporting-Info` response header was
-invalid.

package/build/src/third_party/issue-descriptions/arInvalidRegisterOsSourceHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure that the `Attribution-Reporting-Register-OS-Source` header is valid
-This page tried to register an OS source using the Attribution Reporting API
-but failed because an `Attribution-Reporting-Register-OS-Source` response
-header was invalid.

package/build/src/third_party/issue-descriptions/arInvalidRegisterOsTriggerHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure that the `Attribution-Reporting-Register-OS-Trigger` header is valid
-This page tried to register an OS trigger using the Attribution Reporting API
-but failed because an `Attribution-Reporting-Register-OS-Trigger` response
-header was invalid.

package/build/src/third_party/issue-descriptions/arInvalidRegisterSourceHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure that the `Attribution-Reporting-Register-Source` header is valid
-This page tried to register a source using the Attribution Reporting API but
-failed because an `Attribution-Reporting-Register-Source` response header was
-invalid.

package/build/src/third_party/issue-descriptions/arInvalidRegisterTriggerHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure that the `Attribution-Reporting-Register-Trigger` header is valid
-This page tried to register a trigger using the Attribution Reporting API but
-failed because an `Attribution-Reporting-Register-Trigger` response header was
-invalid.

package/build/src/third_party/issue-descriptions/arNavigationRegistrationUniqueScopeAlreadySet.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure that multiple sources associated with the same navigation have the same attribution scopes
-The page tried to register a source using Attribution Reporting API, but the
-source was rejected because a previous source associated with the same
-navigation and reporting origin used a different set of attribution scopes.

package/build/src/third_party/issue-descriptions/arNavigationRegistrationWithoutTransientUserActivation.md DELETED Viewed

@@ -1,6 +0,0 @@
-# Ensure that navigation-source registrations are initiated by a user gesture
-This page tried to register a navigation source using the Attribution Reporting
-API but failed because the navigation was not initiated by a user gesture.
-Compared to event sources, navigation sources can release more cross-site
-information, and are therefore subject to this additional privacy control.

package/build/src/third_party/issue-descriptions/arNoRegisterOsSourceHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# OS attribution source expected but corresponding header not found
-The page indicated, via the `Attribution-Reporting-Info` header, that it
-intended to register an OS source using the Attribution Reporting API, but the
-corresponding `Attribution-Reporting-Register-OS-Source` header was missing.

package/build/src/third_party/issue-descriptions/arNoRegisterOsTriggerHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# OS attribution trigger expected but corresponding header not found
-The page indicated, via the `Attribution-Reporting-Info` header, that it
-intended to register an OS trigger using the Attribution Reporting API, but the
-corresponding `Attribution-Reporting-Register-OS-Trigger` header was missing.

package/build/src/third_party/issue-descriptions/arNoRegisterSourceHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Web attribution source expected but corresponding header not found
-The page indicated, via the `Attribution-Reporting-Info` header, that it
-intended to register a web source using the Attribution Reporting API, but the
-corresponding `Attribution-Reporting-Register-Source` header was missing.

package/build/src/third_party/issue-descriptions/arNoRegisterTriggerHeader.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Web attribution trigger expected but corresponding header not found
-The page indicated, via the `Attribution-Reporting-Info` header, that it
-intended to register a web trigger using the Attribution Reporting API, but the
-corresponding `Attribution-Reporting-Register-Trigger` header was missing.

package/build/src/third_party/issue-descriptions/arNoWebOrOsSupport.md DELETED Viewed

@@ -1,4 +0,0 @@
-# No web or OS support for Attribution Reporting
-The page tried to send an attributionsrc request, but there was neither web nor
-OS support for the Attribution Reporting API, so the request was skipped.

package/build/src/third_party/issue-descriptions/arOsSourceIgnored.md DELETED Viewed

@@ -1,18 +0,0 @@
-# An attribution OS source registration was ignored because the request was ineligible
-This page tried to register an OS source using the Attribution Reporting API,
-but the request was ineligible to do so, so the OS source registration was
-ignored.
-A request is eligible for OS source registration if it has all of the following:
-- An `Attribution-Reporting-Eligible` header whose value is a structured
-  dictionary that contains the key `navigation-source` or `event-source`
-- An `Attribution-Reporting-Support` header whose value is a structured
-  dictionary that contains the key `os`
-Otherwise, any `Attribution-Reporting-Register-OS-Source` response header will
-be ignored.
-Additionally, a single HTTP redirect chain may register only all sources or all
-triggers, not a combination of both.

package/build/src/third_party/issue-descriptions/arOsTriggerIgnored.md DELETED Viewed

@@ -1,19 +0,0 @@
-# An attribution OS trigger registration was ignored because the request was ineligible
-This page tried to register an OS trigger using the Attribution Reporting API,
-but the request was ineligible to do so, so the OS trigger registration was
-ignored.
-A request is eligible for OS trigger registration if it has all of the following:
-- No `Attribution-Reporting-Eligible` header or an
-  `Attribution-Reporting-Eligible` header whose value is a structured
-  dictionary that contains the key `trigger`
-- An `Attribution-Reporting-Support` header whose value is a structured
-  dictionary that contains the key `os`
-Otherwise, any `Attribution-Reporting-Register-OS-Trigger` response header will
-be ignored.
-Additionally, a single HTTP redirect chain may register only all sources or all
-triggers, not a combination of both.

package/build/src/third_party/issue-descriptions/arPermissionPolicyDisabled.md DELETED Viewed

@@ -1,8 +0,0 @@
-# The Attribution Reporting API can’t be used because Permissions Policy has been disabled
-This page tried to use the Attribution Reporting API but failed because the
-`attribution-reporting` Permission Policy was explicitly disabled.
-This API is currently enabled by default for top-level and cross-origin frames,
-but it is still possible for frames to have the permission disabled by their
-parent, e.g. with `<iframe src="…" allow="attribution-reporting 'none'">`.

package/build/src/third_party/issue-descriptions/arSourceAndTriggerHeaders.md DELETED Viewed

@@ -1,9 +0,0 @@
-# Ensure that attribution responses contain either source or trigger, not both
-This page tried to register a source and a trigger in the same HTTP response
-using the Attribution Reporting API, which is prohibited.
-The corresponding request was eligible to register either a source or a
-trigger, but the response may only set either the
-`Attribution-Reporting-Register-Source` header or the
-`Attribution-Reporting-Register-Trigger` header, not both.

package/build/src/third_party/issue-descriptions/arSourceIgnored.md DELETED Viewed

@@ -1,13 +0,0 @@
-# An attribution source registration was ignored because the request was ineligible
-This page tried to register a source using the Attribution Reporting API, but
-the request was ineligible to do so, so the source registration was ignored.
-A request is eligible for source registration if it has an
-`Attribution-Reporting-Eligible` header whose value is a structured dictionary
-that contains the key `navigation-source` or `event-source`. If the header is
-absent or does not contain one of those keys, any
-`Attribution-Reporting-Register-Source` response header will be ignored.
-Additionally, a single HTTP redirect chain may register only all sources or all
-triggers, not a combination of both.

package/build/src/third_party/issue-descriptions/arTriggerIgnored.md DELETED Viewed

@@ -1,12 +0,0 @@
-# An attribution trigger registration was ignored because the request was ineligible
-This page tried to register a trigger using the Attribution Reporting API, but
-the request was ineligible to do so, so the trigger registration was ignored.
-A request is eligible for trigger registration if it has an
-`Attribution-Reporting-Eligible` header whose value is a structured dictionary
-that contains the key `trigger`, or if the header is absent. Otherwise, any
-`Attribution-Reporting-Register-Trigger` response header will be ignored.
-Additionally, a single HTTP redirect chain may register only all sources or all
-triggers, not a combination of both.

package/build/src/third_party/issue-descriptions/arUntrustworthyReportingOrigin.md DELETED Viewed

@@ -1,10 +0,0 @@
-# Ensure that attribution reporting origins are trustworthy
-This page tried to register a source or trigger using the Attribution Reporting
-API but failed because the reporting origin was not potentially trustworthy.
-The reporting origin is typically the server that sets the
-`Attribution-Reporting-Register-Source` or
-`Attribution-Reporting-Register-Trigger` header.
-The reporting origin must use HTTPS unless it is `localhost` or `127.0.0.1`.

package/build/src/third_party/issue-descriptions/arWebAndOsHeaders.md DELETED Viewed

@@ -1,11 +0,0 @@
-# Ensure that attribution responses contain either web or OS headers, not both
-This page included web and OS Attribution Reporting API headers in the same
-HTTP response, which is prohibited.
-The response may set at most one of the following headers:
-- `Attribution-Reporting-Register-OS-Source`
-- `Attribution-Reporting-Register-OS-Trigger`
-- `Attribution-Reporting-Register-Source`
-- `Attribution-Reporting-Register-Trigger`

package/build/src/third_party/issue-descriptions/bounceTrackingMitigations.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Chrome may soon delete state for intermediate websites in a recent navigation chain
-In a recent navigation chain, one or more websites without prior user interaction were visited. If these websites don't get such an interaction soon, Chrome will delete their state.

package/build/src/third_party/issue-descriptions/clientHintMetaTagAllowListInvalidOrigin.md DELETED Viewed

@@ -1,4 +0,0 @@
-# Client Hint meta tag contained invalid origin
-Items in the delegate-ch meta tag allow list must be valid origins.
-No special values (e.g. self, none, and *) are permitted.

package/build/src/third_party/issue-descriptions/clientHintMetaTagModifiedHTML.md DELETED Viewed

@@ -1,4 +0,0 @@
-# Client Hint meta tag modified by javascript
-Only delegate-ch meta tags in the original HTML sent from the server
-are respected. Any injected via javascript (or other means) are ignored.

package/build/src/third_party/issue-descriptions/connectionAllowlistInvalidAllowlistItemType.md DELETED Viewed

@@ -1,12 +0,0 @@
-# An item in the `Connection-Allowlist` header is invalid.
-Each item in the `Connection-Allowlist`'s header's [Inner List](sfInnerList)
-must be a [String](sfString) representing a [URL Pattern](urlPatternSpec), or
-the [Token](sfToken) `response-origin`.
-For example, the following header allows connections to (only)
-`https://example.com/` and the origin from which the response was delivered:
-```
-Connection-Allowlist: ("https://example.com" response-origin)
-```

package/build/src/third_party/issue-descriptions/connectionAllowlistInvalidHeader.md DELETED Viewed

@@ -1,12 +0,0 @@
-# The `Connection-Allowlist` header is not formatted as a Structured Field List.
-Responses' `Connection-Allowlist` header should be formatted as a [List](sfList)
-containing a single [Inner List](sfInnerList) that declares the allowed set of
-[URL Patterns](urlPatternSpec) for a given context.
-For example, the following header allows connections to (only)
-`https://example.com/`:
-```
-Connection-Allowlist: ("https://example.com")
-```

package/build/src/third_party/issue-descriptions/connectionAllowlistInvalidUrlPattern.md DELETED Viewed

@@ -1,8 +0,0 @@
-# An item in the `Connection-Allowlist` header is not a valid URL pattern.
-Each item in the `Connection-Allowlist` header must be a valid
-[URL Pattern](urlPatternSpec) that can be used to match against the request's
-origin.
-Note that our current implementation does not allow regular expressions to be
-used as part of the pattern.

package/build/src/third_party/issue-descriptions/connectionAllowlistItemNotInnerList.md DELETED Viewed

@@ -1,12 +0,0 @@
-# An item in the `Connection-Allowlist` header is not an Inner List.
-Responses' `Connection-Allowlist` header should be formatted as a [List](sfList)
-containing a single [Inner List](sfInnerList) that declares the allowed set of
-[URL Patterns](urlPatternSpec) for a given context.
-For example, the following header allows connections to (only)
-`https://example.com/`:
-```
-Connection-Allowlist: ("https://example.com")
-```

package/build/src/third_party/issue-descriptions/connectionAllowlistMoreThanOneList.md DELETED Viewed

@@ -1,7 +0,0 @@
-# `Connection-Allowlist` has multiple items.
-Responses' `Connection-Allowlist` header should be formatted as a [List](sfList)
-containing a single [Inner List](sfInnerList) that declares the allowed set of
-[URL Patterns](urlPatternSpec) for a given context. This response was a
-[List](sfList) containing more than one item: all but the first have been
-ignored.

package/build/src/third_party/issue-descriptions/connectionAllowlistReportingEndpointNotToken.md DELETED Viewed

@@ -1,10 +0,0 @@
-# The `report-to` parameter in the `Connection-Allowlist` header is not a token.
-If provided, the `report-to` parameter must be a [Token](sfToken)
-naming a reporting endpoint.
-For example:
-```
-Connection-Allowlist: ("https://example.com");report-to=endpoint
-```

package/build/src/third_party/issue-descriptions/cookieCrossSiteRedirectDowngrade.md DELETED Viewed

@@ -1,12 +0,0 @@
-# Cookie is blocked due to a cross-site redirect chain
-The cookie was blocked because the URL redirect chain was not fully same-site,
-meaning the final request was treated as a cross-site request.
-Like other cross-site requests, this blocks cookies with `SameSite=Lax` or
-`SameSite=Strict`.
-For example: If site A redirects to site B which then redirects back to site A,
-the final request to site A will be a cross-site request.
-If this behavior is causing breakage, please file a bug report with the link
-below.

package/build/src/third_party/issue-descriptions/cookieExcludeBlockedWithinRelatedWebsiteSet.md DELETED Viewed

@@ -1,4 +0,0 @@
-# Third-party cookie blocked within the same Related Website Set
-A cookie embedded by a site in the top-level page's Related Website Set was blocked
-by third-party cookie blocking.

package/build/src/third_party/issue-descriptions/cookieExcludeDomainNonAscii.md DELETED Viewed

@@ -1,11 +0,0 @@
-# Ensure cookie `Domain` attribute values only contain ASCII characters
-`Domain` attributes in cookies are restricted to the ASCII character set. Any
-cookies that contain characters outside of the ASCII range in their `Domain`
-attribute will be ignored.
-To resolve this issue, you need to remove all non-ASCII characters from the
-`Domain` attribute of the affected cookies.
-If your site has an internationalized domain name (IDN), you should use
-[punycode](punycodeReference) representation for the `Domain` attribute instead.

package/build/src/third_party/issue-descriptions/cookieExcludePortMismatch.md DELETED Viewed

@@ -1,8 +0,0 @@
-# Cookie was not sent due to port mismatch
-Cookies can only be accessed by origins that share the same port as the origin
-that initially set the cookie.
-If this cookie is required for the request, the cookie will need to be set by an
-origin with the same port as the request. Alternatively, you can utilize the
-Domain attribute, which allows access to a cookie with a mismatched port.

package/build/src/third_party/issue-descriptions/cookieExcludeSchemeMismatch.md DELETED Viewed

@@ -1,7 +0,0 @@
-# Cookie was not sent due to scheme mismatch
-The cookie can only be accessed by origins that share the same scheme as
-the origin that initially set it.
-If this cookie is required for the request, the cookie will need to be set
-by an origin with the same scheme as the request.

package/build/src/third_party/issue-descriptions/cookieExcludeThirdPartyPhaseoutRead.md DELETED Viewed

@@ -1,6 +0,0 @@
-# Reading third-party cookie is blocked
-Cookies with the `SameSite=None; Secure` and not `Partitioned` attributes that operate in cross-site contexts are third-party cookies.
-Third-party cookies are restricted for this browser either because of Chrome flags or browser configuration.
-Learn more from the linked article about preparing your site to avoid potential breakage due to this.

package/build/src/third_party/issue-descriptions/cookieExcludeThirdPartyPhaseoutSet.md DELETED Viewed

@@ -1,6 +0,0 @@
-# Setting third-party cookie is blocked
-Cookies with the `SameSite=None; Secure` and not `Partitioned` attributes that operate in cross-site contexts are third-party cookies.
-Third-party cookies are restricted for this browser either because of Chrome flags or browser configuration.
-Learn more from the linked article about preparing your site to avoid potential breakage due to this.

package/build/src/third_party/issue-descriptions/cookieWarnDomainNonAscii.md DELETED Viewed

@@ -1,11 +0,0 @@
-# Ensure cookie `Domain` attribute values only contain ASCII characters
-`Domain` attributes in cookies are restricted to the ASCII character set. Any
-cookies that contain characters outside of the ASCII range in their `Domain`
-attribute will be ignored in the future.
-To resolve this issue, you need to remove all non-ASCII characters from the
-`Domain` attribute of the affected cookies.
-If your site has an internationalized domain name (IDN), you should use
-[punycode](punycodeReference) representation for the `Domain` attribute instead.

package/build/src/third_party/issue-descriptions/cookieWarnMetadataGrantRead.md DELETED Viewed

@@ -1,4 +0,0 @@
-# Third-party websites are allowed to read cookies on this page
-One or more websites are allowed to bypass user settings to read third-party cookies on this page. Web developers should take steps to remove these reads without disrupting user experience. To forcefully block these third-party cookies, update [user settings](manageCookiesHelpPage).
-{PLACEHOLDER_topleveloptout}

package/build/src/third_party/issue-descriptions/cookieWarnMetadataGrantSet.md DELETED Viewed

@@ -1,4 +0,0 @@
-# Third-party websites are allowed to set cookies on this page
-One or more websites are allowed to bypass user settings to set third-party cookies on this page. Web developers should take steps to remove these sets without disrupting user experience. To forcefully block these third-party cookies, update [user settings](manageCookiesHelpPage).
-{PLACEHOLDER_topleveloptout}

package/build/src/third_party/issue-descriptions/cookieWarnThirdPartyPhaseoutRead.md DELETED Viewed

@@ -1,6 +0,0 @@
-# Reading cookie in cross-site context may be impacted on Chrome
-Cookies with the `SameSite=None; Secure` and not `Partitioned` attributes that operate in cross-site contexts are third-party cookies.
-Chrome is moving towards a new experience that allows users to choose to browse without third-party cookies.
-Learn more from the linked article about preparing your site to avoid potential breakage.

package/build/src/third_party/issue-descriptions/cookieWarnThirdPartyPhaseoutSet.md DELETED Viewed

@@ -1,6 +0,0 @@
-# Setting cookie in cross-site context may be impacted on Chrome
-Cookies with the `SameSite=None; Secure` and not `Partitioned` attributes that operate in cross-site contexts are third-party cookies.
-Chrome is moving towards a new experience that allows users to choose to browse without third-party cookies
-Learn more from the linked article about preparing your site to avoid potential breakage.

package/build/src/third_party/issue-descriptions/corsAllowCredentialsRequired.md DELETED Viewed

@@ -1,6 +0,0 @@
-# Ensure CORS requests include credentials only when allowed
-A cross-origin resource sharing (CORS) request was blocked because it was configured to include credentials but the `Access-Control-Allow-Credentials` response header of the request or the associated preflight request was not set to `true`.
-To fix this issue, ensure that resources that expect credentialed CORS requests set the `Access-Control-Allow-Credentials` header to `true`.
-Note that this requires the `Access-Control-Allow-Origin` header to not be a wildcard `*`.

package/build/src/third_party/issue-descriptions/corsDisabledScheme.md DELETED Viewed

@@ -1,7 +0,0 @@
-# Ensure CORS requests are made on supported schemes
-A cross-origin resource sharing (CORS) request was blocked because the scheme of the request's URL doesn't support CORS.
-To fix this issue, ensure all CORS request URLs specify a supported scheme, e.g. most commonly https://.
-Note that if an opaque response is sufficient, then for some schemes the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way the scheme doesn't need to support CORS, but the response content is inaccessible (opaque).

package/build/src/third_party/issue-descriptions/corsDisallowedByMode.md DELETED Viewed

@@ -1,7 +0,0 @@
-# Ensure only same-origin resources are fetched with same-origin request mode
-A cross-origin resource sharing (CORS) request to a cross-origin resource was blocked because the request mode was set to `same-origin`.
-To fix this issue, ensure that only same-origin resources are fetched with the `same-origin` request mode. If you need to fetch a cross-origin resource, use a request mode such as `cors`.
-Note that if an opaque response is sufficient, the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

package/build/src/third_party/issue-descriptions/corsHeaderDisallowedByPreflightResponse.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure CORS request includes only allowed headers
-A cross-origin resource sharing (CORS) request was blocked because it contained request headers that were neither CORS-safelisted (`Accept`, `Accept-Language`, `Content-Language`, `Content-Type`) nor allowed by the `Access-Control-Allow-Headers` response header of the associated preflight request.
-To fix this issue, include the additional request headers you want to use in the `Access-Control-Allow-Headers` response header of the associated preflight request.

package/build/src/third_party/issue-descriptions/corsInvalidHeaderValues.md DELETED Viewed

@@ -1,7 +0,0 @@
-# Ensure CORS response header values are valid
-A cross-origin resource sharing (CORS) request was blocked because of invalid or missing response headers of the request or the associated [preflight request](issueCorsPreflightRequest).
-To fix this issue, ensure the response to the CORS request and/or the associated [preflight request](issueCorsPreflightRequest) are not missing headers and use valid header values.
-Note that if an opaque response is sufficient, the request's mode can be set to `no-cors` to fetch the resource with CORS disabled; that way CORS headers are not required but the response content is inaccessible (opaque).

package/build/src/third_party/issue-descriptions/corsLocalNetworkAccessPermissionDenied.md DELETED Viewed

@@ -1,19 +0,0 @@
-# Ensure that local network requests are compatible with restrictions
-A site requested a resource from a network that it could only access because of
-its users' privileged network position.
-These requests expose devices and servers to the internet, increasing the risk
-of a cross-site request forgery (CSRF) attack and/or information leakage.
-To mitigate these risks, Chrome is requiring the user grant explicit
-permission before a site can make local network requests. Local network requests
-are those that go to either private IP addresses, .local domains, or loopback
-addresses. Additionally, Chrome will block local network requests (both
-subframes and subresources) when initiated from non-secure contexts.
-If the user explicitly grants the permission, the site can make local network
-requests over HTTP for hostnames that are private IP addresses, .local
-hostnames, or to localhost. Sites can also set the `targetAddressSpace` fetch
-option to `private` or `local` to mark requests as being local network requests,
-which will allow them to be made over HTTP.

package/build/src/third_party/issue-descriptions/corsMethodDisallowedByPreflightResponse.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure CORS request uses allowed method
-A cross-origin resource sharing (CORS) request was blocked because it neither uses one of the CORS-safelisted methods (`GET`, `HEAD`, `POST`) nor was the request method explicitly allowed by the `Access-Control-Allow-Methods` response header of the associated [preflight request](issueCorsPreflightRequest).
-To fix this issue, include the request method in the `Access-Control-Allow-Methods` header of the associated preflight request.

package/build/src/third_party/issue-descriptions/corsNoCorsRedirectModeNotFollow.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Ensure no-cors requests configure redirect mode follow
-A cross-origin resource sharing (CORS) request was blocked because it was configured to use request mode `no-cors` but did not use the redirect mode `follow`.
-To fix this issue, ensure that whenever the request mode `no-cors` is set then the redirect mode is set to `follow`.