1 files changed, 81 insertions, 0 deletions
diff --git a/template/en/default/admin/params/advanced.html.tmpl b/template/en/default/admin/params/advanced.html.tmpl
new file mode 100644
index 000000000..a8e8a297b
--- /dev/null
+++ b/template/en/default/admin/params/advanced.html.tmpl
@@ -0,0 +1,81 @@
+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Netscape Communications
+  # Corporation. Portions created by Netscape are
+  # Copyright (C) 1998 Netscape Communications Corporation. All
+  # Rights Reserved.
+  #
+  # Contributor(s): Dave Miller <justdave@bugzilla.org>
+  #                 Frédéric Buclin <LpSolit@gmail.com>
+  #%]
+
+[% 
+   title = "Advanced"
+   desc = "Settings for advanced configurations."
+%]
+
+[% sts_desc = BLOCK %]
+  Enables the sending of the 
+  <a href="http://en.wikipedia.org/wiki/Strict_Transport_Security">Strict-Transport-Security</a>
+  header along with HTTP responses on SSL connections. This adds greater
+  security to your SSL connections by forcing the browser to always
+  access your domain over SSL and never accept an invalid certificate. 
+  However, it should only be used if you have the <code>ssl_redirect</code>
+  parameter turned on, [% terms.Bugzilla %] is the only thing running
+  on its domain (i.e., your <code>urlbase</code> is something like
+  <code>http://bugzilla.example.com/</code>), and you never plan to disable
+  the <code>ssl_redirect</code> parameter.
+  <ul>
+    <li>
+      off - Don't send the Strict-Transport-Security header with requests.
+    </li>
+    <li>
+      this_domain_only - Send the Strict-Transport-Security header with all
+      requests, but only support it for the current domain.
+    </li>
+    <li>
+      include_subdomains - Send the Strict-Transport-Security header along
+      with the <code>includeSubDomains</code> flag, which will apply the
+      security change to all subdomains. This is especially useful when
+      combined with an <code>attachment_base</code> that exists as (a)
+      subdomain(s) under the main [% terms.Bugzilla %] domain.
+    </li>
+  </ul>
+[% END %]
+
+[% param_descs = {
+  cookiedomain => 
+    "If your website is at 'www.foo.com', setting this to"
+    _ " '.foo.com' will also allow 'bar.foo.com' to access"
+    _ " $terms.Bugzilla cookies. This is useful if you have more than"
+    _ " one hostname pointing at the same web server, and you"
+    _ " want them to share the $terms.Bugzilla cookie.",
+
+  inbound_proxies =>
+    "When inbound traffic to $terms.Bugzilla goes through a proxy,"
+    _ " $terms.Bugzilla thinks that the IP address of every single"
+    _ " user is the IP address of the proxy. If you enter a comma-separated"
+    _ " list of IPs in this parameter, then $terms.Bugzilla will trust any"
+    _ " <code>X-Forwarded-For</code> header sent from those IPs,"
+    _ " and use the value of that header as the end user's IP address.",
+
+  proxy_url => 
+    "$terms.Bugzilla may have to access the web to get notifications about"
+    _ " new releases (see the <tt>upgrade_notification</tt> parameter)."
+    _ " If your $terms.Bugzilla server is behind a proxy, it may be"
+    _ " necessary to enter its URL if the web server cannot access the"
+    _ " HTTP_PROXY environment variable. If you have to authenticate,"
+    _ " use the <code>http://user:pass@proxy_url/</code> syntax.",
+
+  strict_transport_security => sts_desc,
+} %]