These Weeks in Firefox: Issue 74

Highlights

• The Network panel is now showing even requests rejected by CORS (Cross-origin resource sharing). All rejected requests are using red color as you can see in the following screenshot. Note that there is also corresponding warning in the Console panel for each rejected request.
  
  

• Console panel error inspection has been improved significantly and it should be possible to see all properties of an error object directly in the Console panel (by expanding the error object) in a lot more cases. You can also right  click on an error object and pick “Inspect object in Sidebar” from the context menu (bug). In addition to that you should be also able see callstack for unhandled rejected promises (bug)
  

  

• The Network panel is showing name of the related Add-on responsible for blocking an HTTP request e.g. uBlock Origin or Adblock Plus (bug)
  

  

• It is possible to manually block HTTP requests using drag-and-block. Just drag a request from the panel list and drop it onto the Blocking side panel (bug) 
  

  

• Updated password heuristics model to version 4.0 in order to bring password generation to even more websites.
  • Seeing a substantial increase in usage of Firefox’s password generation:
    
    
  • (Number of passwords generated, normalized by the number of sites without an existing saved password)
• It’s now possible to directly search for strings like “class.method” without having to prefix them with a question mark, and we correct the most common suffix typos, like mozilla.ogr
• Relatedly, the address bar can now recognize custom domain suffixes using browser.fixup.domainsuffixwhitelist.yoursuffix (.test, .example, .invalid, .localhost, .internal, .local are set by default)
• Opening PDFs from Firefox’s download panel now opens the PDF directly within Firefox

 

Friends of the Firefox team

Resolved bugs (excluding employees)

Fixed more than one bug

• Andrew Swan [:aswan]
• Farooq AR
• Itiel
• Martin Stránský [:stransky]
• Etienne Bruines

New contributors (🌟 = first patch)

• Julian Shomali converted URL bar DTD strings to fluent
• 🌟 Kushal Jain (:Kage) resolved case sensitive issue in the Cookies panel
• 🌟 Kyle Knaggs fixed the pretty print icon
• Manas fixed the way how HTTP header values are displayed

 

Project Updates

Addon Manager & about:addons

• Andrew Swan contributed the changes needed to handle updates for built-in extensions (the one bundled into the omni.ja) Bug 1571876, which was also a blocker for completing the migration of some system addons into built-in (e.g. Screenshots as part of bug 1568270), and another change to avoid checking the blocklist for built-in and system addons (Bug 1633396), which is likely helpful to avoid some additional work during the startup

 

WebExtensions Framework

• Fixed a regression in Firefox 76 related to the runtime.onConnect API event (Bug 1635637), the regression has been reported on bugzilla for Amazon Assistant extension (but it was likely going to affect some other extension), thanks to Tomislav for quicking working on a fix (and Rob for helping on quickly investigating the reasons behind the regression).
• :baku fixed a regression that was going to break “Reddit Enhancement Suite” in Firefox 77 (Bug 1635490)
• Fixed a regression in Firefox 78, related to the webRequest event listeners, that was likely going to affect Adblock Plus (Bug 1638581). Fixing this regression did also fix Bug 1638476 (related to the new “blocking by extension” feature part of the devtools network panel)

 

WebExtension APIs

• Additional parts of the new rust-based browser.storage.sync backend landed in the last two weeks (Bug 1623245, Bug 1634191, Bug 1637169, Bug 1635688, Bug 1637165), Thanks to the markh and lina!
• Contributions:
  • The new browser.tabs.goForward and browser.tabs.goBack API methods are now also supported on GeckoView / Fenix (Bug 1633328). Thanks Atique for contributing this new API on both Firefox Desktop and GeckoView!
  • browser.downloads.download now remembers the most recently used directory when the API call does also use the “saveAs: true” option (Bug 1395207). Thanks to Mark Smith for contributing this enhancement!

 

Developer Tools

• Console panel – On Nightly you can inspect an error object in the sidebar. Just right click on the error object and pick “Inspect object in Sidebar” menu action (Bug 1634432)
  

  

• Debugger panel – map scopes for Logpoints. This feature allows using original variable names within a logpoint (if source map is available) (bug)
  

  

• About:debugging – See/change remote URL from about:devtools-toolbox. This is handy features allows the user to change URL of remotely debugged page directly from DevTools. No more typing on small phone keyboard (bug)
  

  

• Network Panel – Headers panel facelift (better summary info + expandable URL & query arguments inspection). You’ll fall in love with the new side panel Bug 1631295

  

• Fission – Call for Fission feedback (+ RDM shipped to DevEdition)

 

Lint

• Kwan landed a set of patches to ensure that we don’t throw bare `Components.results` items in Javascript, instead ensuring they are wrapped in `Components.Exception`.

 

New Tab Page

• The team is experimenting with a new card treatment for stories that link to videos.
• The team is also experimenting with moving the popular topics element a bit further up the page.

 

Password Manager

• Disable the OS authentication prompt from about:logins due to abnormally high failure rate (Fx76 and Fx77). One reason was:
  • Some users are confused about which password/PIN to enter in the OS re-auth dialog from about:logins – new Windows dialog strings
    • We will do a study in Fx77 with the new strings (along with bug 1631879) to see how much they improved the success rate of authenticating. UX will also make a recommendation for next steps when they are finished with another project.
• Remember that a Windows accounts has no password to limit future failed authentication attempts 
• Allow user to remove the saved login/password from the doorhanger when being asked to update it
  
  
  

  (Login update doorhanger with a dropdown on the secondary action to “Remove Saved Login”)

• Fix login autocomplete when a field’s parent is a Shadow Root
• Update new password heuristics model to version 4.0 in order to bring password generation to even more websites.

 

PDFs & Printing 

• Firefox opens infinite tabs when set as the OS default file handler for PDFs
• pdfs with content-type application/octet-stream are downloaded without confirmation, even though Preview in Firefox is enabled
• Should be able to view PDFs even if the response HTTP headers include Content-Disposition:attachment
  • 
    
    

• Labeling of default app handling in preferences is confusing for PDF files
  
  
  

 

Performance

• bigiri working on running the snippets code entirely within the content process.
• emalysz has a patch in review which shows a consistent 25% improvement in startup times on Windows reference hardware by changing the list of DLLs we preload during startup
  
  
  

• florian landed work to exit(0) at the end of mochitests on opt builds, saving infra time.
• Gijs and emalysz landed several patches to lazily insert panels and popups into the DOM only as needed.
• dthayer is working on patches to eliminate omnijar reads during typical startups by expanding the scope of the startup cache, allowing us to avoid IO and lazily open omnijar files.
• emalysz is experimenting to see if we can decrease the shutdown terminator’s timeout setting without substantially increasing overall shutdown hangs, with the hope of limiting time spent waiting for a hung shutdown (for instance, during OS shutdown).

 

Remote Protocol (Chrome DevTools Protocol subset) 

• Contributor Etienne Bruines implemented offline mode for Network.emulateNetworkConditions to allow testing frameworks to verify the correct offline behavior for web applications. Thanks, Etienne!
• The Runtime.executionContextCreated and Runtime.executionContextDestroyed events are now correctly emitted when subframes are created and destroyed. To not break users of Puppeteer while further work for frames needs to be landed, both events are temporarily put behind the `remote.frames.enabled` preference, and not sent out by default.
• The Network.requestWillBeSent event has been updated to include request headers and document URL.
• The Network.responseReceived event is available now. Some data about the response, such as security state, will be implemented later.
• loaderId of document request is now included in Page.lifecycleEvent 

 

Search and Navigation

• Modern Search Configuration
  • We have just finished landing a set of patches for integrating our partner distribution engines into the configuration. This allows us to manage these in a better way and reduces the amount of special code for distributions.
• Improving region detection
  • Region.jsm has now landed, work is under way to move the SearchService region handling across to it.
  • Next up will be moving other consumers of the region preference to use the jsm.
• Cleaning up the search service
  • With modernisation now almost shipping, the next steps will be to start a late spring clean on the search service. This is mainly aimed at cleaning up the startup code and handling of configuration changes, though other areas will be included as well.

 

Address Bar

• Search suggestions are now highlighted differently, only non typed words and tail of typed words are highlighted – Bug 1636696
• The team continues working on improving results matching and composition, a few things we’re currently looking into:
  • historical and tail search suggestions
  • experiments about new search experience
  • more consistent search or visit heuristic when typing
  • Improved autofill and scoring

 

User Journey

The multi-stage about:welcome project is underway