Firefox/Meeting/5-May-2020

Today’s meeting leader is: mconley

General Topics / Roundtable

• Today is Firefox 76 release day! 🎉

  • Blog post highlighting password manager improvements 🔑

  • Hacks article with platform & devtools changes 🛠

• [rachel] Working on a way to keep Desktop ⇔ SUMO better in sync here (TL;DR - mailing list). If you have thoughts/feedback, it’s welcome there.
• [mconley] CPOW support over message managers is gone! Thanks, Gijs!

Friends of the Firefox team

Introductions/Shout-Outs

Resolved bugs (excluding employees)

Fixed more than one bug

• aarushivij
• Andrew Swan [:aswan]
• Artem
• Atique Ahmed Ziad [:atiqueahmedziad]
• Itiel
• Jayati Shrivastava
• Julian Shomali
• Obayagbona Uwagbae Alexander
• Oriol Brufau [:Oriol]
• Ratnabali Dutta
• Tim Nguyen :ntim
• Tom Schuster [:evilpie]

New contributors (🌟 = first patch)

• <Will be filled in after the meeting>

Project Updates

Accessibility

Add-ons / Web Extensions

WebExtensions Framework

• Permissions:

  • Many more permission can be used as optional_permission in Firefox >= 77, in particular the “management” (Bug 1630419), “pkcs11” (Bug 1630418), “browsingData” (Bug 1630417), “sessions” (Bug 1630414), “proxy” (Bug 1548011) and “devtools” (Bug 1606862)

  • Starting from Firefox >= 77 “unlimitedStorage” doesn’t trigger the permission prompt anymore (Bug 1630413)

• First bits of the new rust-based browser.storage.sync backend are being landed (1629689, 1626506, 1634257), Thanks to :lina, :markh and :lougenia!

• webRequest and filterResponseData:

  • Removed support for data:URLs in the webRequest API (Bug 1631933), this change has the side-effect of improving performance (e.g. see Bug 1630737), at the cost of removing the limited, as read-only, and not often used support for the data urls in the webRequest API

  • content-security-policy headers provided by multiple extensions are now merged (Bug 1462989). Thanks to tobias for contributing a fix for this long standing enhancement request

  • Fixed some webRequest.filterResponseData issues (e.g. when intercepting js scripts which are in the bytecode cache, Bug 1530408, on requests handled by service workers Bug 1595197, and on Fission process switch, Bug 1597159)

• Other fixes:

  • Fix add-ons issues when running with network-cookie.sameSite.laxByDefault set to true (Bug 1629436)

  • Fixed browserAction.setTitle issues on titles with newline chars (Bug 1624238). Thanks nhnt11 for contributing this fix.

WebExtension APIs

• browser.permissions.onAdded/onRemoved API events are supported in Firefox >= 77 (Bug 1444294)
• Thanks to Atique Firefox >= 77 supports tabs.goForward/goBack (Bug 1603796), part of new tab API methods recently introduced in Chrome 72
• Thanks to Ariasuni browser.tabs.duplicate() can now specify index and active property (Bug 1560218)
• Thanks to evilpie browsingData can now be used to clear ServiceWorkers and IndexedDB by hostname (Bug 1632990, Bug 1551301)

Addon Manager & about:addons

• Fixed permissions prompt not being shown (and new permissions silently allowed) when an update was found in the background (Bug 1544890)
• Fixed issues with Firefox starting with all themes disabled (Bug 1630694)
• Fixed an issue related to system addon updates (Bug 557710, part of Addon Manager changes needed for Normandy)

Applications

Firefox Accounts

Sync and Storage

• Over 4.5 million users are now routed to the new Rust based sync backend (“Durable Sync”). We’re planning to start migrating existing user accounts over the next few months. You can follow along with updates to our migration logic here.

Push

• Fixed an issue related to server side limits on headers that broke push notifications in Nightly 76.

Developer Tools

• Debugger & Console

  • The new Context Selector has now been enabled for the Browser Toolbox in Nightly and has been wired up to more interactions for automatic context switching (pausing a debugger thread, selecting DOM nodes in iframes, etc)
    

    299x266px
    

    Screenshot

  • Contributor :janelledement added Watchpoint support for pausing on either get or set
    

    469x223px
    

    Context menu in the scopes expanded from just get and set to “get and set” option

  • Debugger-related options, starting with Disable JavaScript, are now exposed in a Settings menu right in Debugger, similar to Console and Network
    

    385x153px
    

    Screenshot with caption

  • Stepping in the debugger now uses the selected frame as a reference point, making it easier to understand stepping while navigating in and out of execution paths.

453x247px
Screenshot: https://imgur.com/UpEkxHA with caption

• Network

  • The newly added Initiator column, which shows request stack traces, has been merged with the Cause button, thanks to contributor transfusion for all his work.
    

    390x117px
    

    Screenshot

  • New settings menu, similar to Debugger and Console, to reduce clutter in the toolbar and to provide more advanced options
    

    344x202px
    

    Screenshot and caption

  • Thanks to :hiro the Network panel now indicates lazy-loaded resources in the cause column
    

    402x157px
    

    Screenshot & caption

  • WebSocket Inspector allows hiding control frames, thanks to contributor kishlaya.j

  • New Context Menu for list of blocking rules in the request blocking panel (bug).
    

    442x250px
    

    Screenshot: https://imgur.com/0oMiIGd

• Application Panel

  • Service Workers instances are now listed in all their states, so installed and waiting workers can be inspected and controlled at the same time.
    

• CSS Compatibility Panel

  • New feedback button added to the footer (bug) to gather user feedback in DevEdition. The button points to the WebCompat Panel feedback form.
    

    332x346px
    The compatibility panel is now available for early preview in DevEdition.
    

Fission

• 6 bugs left in M5. Starting to move on to M6, currently scheduled for August.
• Work on fission performance is ramping up. Charts are available!
• Remote Page Manager has been converted to use JSWindowActors. Some about pages are already using it: about:neterror, protections, privatebrowsing, plugins, and tabcrashed.
• Search field handling on about pages have also been converted to use JSWindowActors.
• Translation bar is now fission compatible.
• fission.autostart to true to try it out

Installer & Updater

• Landed a large refactor of the stub installer UI logic, getting it out of NSIS and over to pure HTML/CSS/JS. Thanks to mhowell and agashlin for a lot of work here in getting this landed.
• Made some minor installer text changes.
• Implemented support for attribution on the full installer. This follows roughly the same approach that we took for attribution on the stub installer. Next steps here are coordinating with other teams(releng, bedrock, etc) to get the other pieces in place so we can enable this.
• Ability to download and parse update XML added to the upcoming background update agent.

Lint

• ESLint should now be able to detect globals in mochitest html files when referenced from the top-level directory, e.g.

  • <script type="text/javascript" src="/tests/dom/events/test/event_leak_utils.js"></script>

  • Previously you'd have needed to use import-globals-from.

New Tab Page

• Pocket stories experiment in the UK is finished, final decision is being made, but we’re likely to turn this on for 100% of the UK in 77.
• Pocket collections experiment wrapping up. This is a feature where we show three similar pocket stories grouped together for a limited time.
• In 76 we’re going to run the personalization v2 in webworker experiment.

• In 77 we’re going to run two new experiments.

  • A hero layout where the pocket story card is larger and the next four are smaller. This is a variant to an experiment we ran many releases ago. It shows promise in engagement.

  • We’re also experimenting with an email signup in the second row of stories. This works like sponsored content and also can be dismissed and opted out of.

• In 78 we’re going to be experimenting with pocket stories that are video content.
• In 78 we’re going to be experimenting with popular topics element positioning. Which right now is pretty low on the page.

NodeJS

Password Manager

• Check out all the great stuff that shipped in 76!

• Highlights

  • Stop pre-filtering logins from autocomplete and the context menu to about:logins

  • Avoid a sync layout flush in the main thread of the parent process when rendering the Password Manager autocomplete popup

    • This was a major performance improvement for password generation autocomplete rows and also helped with saved login rows.

  • OS re-authentication in about:logins

    • Improved handling of usernames and domain accounts for Windows authentication
    • Improved error messaging in the Windows authentication prompt and now using the system policy to determine the limit of authentication attempts

  • Deploy CFR: Offer Fx Sync when a password is updated

  • Add “Lockwise” as a search keyword for login and password preferences

  • Proxy auto-login now works again thanks to mkaply!

  • Avoid saving a munged password in login storage

  • Remove old password manager UI (passwordManager.xhtml) from mozilla-central 👋

  • When autofilling logins with empty username fields, username boxes should not be highlighted

  • Support for pages with more than 3 password fields

  • Many dismissed-by-default doorhanger follow-ups

PDFs & Printing

• Project focused at finding and fixing the places where attempting to view PDFs pushes users out of Firefox

  • Complete

    • Improving our understanding of unsupported features in pdf.js
    • Labeling of default app handling is confusing when Firefox can handle the file internally

  • In progress

    • Fixing the bug where setting Firefox as the default handler for PDF files opens infinite tabs
    • Opening a PDF from the downloads panel will open the PDF into pdf.js
    • Adding a “Open with Firefox” option for PDF files in the Unknown Content Type (Helper App) dialog
    • When users choose to open a fallback PDF viewer, apply options to open the fallback PDF viewer with options applied to keep focus on just the PDF

Performance

• bigiri continues to make progress splitting out the snippets code from ASRouter
• dthayer and emalysz filed a whole slew of bugs that they found while looking at disk activity during startup
• emalysz made the nsTerminator smarter when dealing with slow shutdowns
• mconley landed the about:home startup cache reading, writing and scheduling components.
• Gijs is in the midst of converting a number of our panels to be lazier to improve startup and window opening times
• Gijs is making RemoteSettings shutdown more reliable
• Gijs fixed a RemoteSettings performance regression
• Gijs fixed a bug where the startupcache broke
• florian is looking to make our mochitest framework exit(0) as soon as test results get dumped for faster test runs
• mconley got the PerfService.jsm off of the hidden DOM window, which means we don’t need to create the hidden DOM window for Windows / Linux early during startup anymore

Performance Tools

• Better support for Chrome profile data import.

  • A reminder that you can import linux perf and Chrome profile formats into Firefox Profiler by just dragging and dropping the file.

• Paul Adenot added a "Media" preset to the profiler capturing UI and he wrote a great blog post on how to profile media workloads in Firefox!

  • You can file a bug if you would like us to add another preset to the capture UI.

274x217px
Click to the settings select box to choose a different preset in the profiler capturing UI

• Now Firefox Profiler keeps audio threads visible even if there's only a few samples.

Picture-in-Picture

• Fixed:

  • Bug 1631303 - PiP controls can break (macOS, release) - clicking blue PiP indicator on BBC iPlayer video did not show player (playerWin is null)

  • Bug 1619979 - Picture-in-Picture toggle appears on videos that are laid out with small dimensions

  • Bug 1627817 - PiP full screen transition is too slow

Privacy/Security

Remote Protocol (Chrome DevTools Protocol subset)

• Page.getFrameTree now returns all the frames of the current tab target and is now also Fission compatible.
• Page.navigate now waits until the response of the initial document request has been received and is therefore able to return errorText when navigation fails.

Search and Navigation

Search

• The modern search configuration is now aiming to be shipped in 78, as we have parity with the existing ABSearch/legacy configuration.

  • Parts of the work to allow updating of the search engine WebExtensions have been split out to a separate bug to be shipped soon.

• The first part of centralising region code should be landing this iteration.

Address Bar

• Typing long math operations should now return proper results in search suggestions - Bug 1618769

• The bookmarks toolbar has been adjusted, so it’s easier to use with touch screens and mouse, and it’s not covered by the address bar expansion - Bug 1628243

  • Also the shadow when results are closed has been reduced - Bug 1630506

• It’s now possible to directly search for strings like “class.method” without having to prefix them with a question mark, and we correct the most common suffix typos, like mozilla.ogr - Bug 1080682

  • Use browser.fixup.domainwhitelist.YOUR_DOMAIN prefs to exclude special domains with invalid public suffixes

  • Use browser.fixup.dns_first_for_single_words to always go through an enterprise DNS

  • We are introducing a suffix whitelist in Bug 1634650

• browser.urlbar.oneOffSearches has been removed, as original intended; use the checkboxes in about:preferences#search to hide one-off buttons - Bug 1628926
• More deduping of similar results - Bug 1632804, Bug 1626946
• Pinned Top Sites show a pinned badge to better indicate their source - Bug 1631844
• Url wrapping to a second line happens sooner when shrinking the urlbar - Bug 1629928
• Various improvements to RTL and text overflow masks
• Added a forced search result when a string looking like an e-mail address is typed - Bug 1412985

User Journey

• Testing X-Man with an A/A CFR experiment making sure everything is working
• Experiment: Contextually suggest importing passwords as an autocomplete entry

This week I learned

• [MattN] event.composed (boolean) if true, it bubbles past the shadow root and up to the rest of the document. Some standard events are composed, some are not. If it is composed, and you look at event.target, it’d be the host element normally. If you want to know about the inner element, it’s event.composedTarget.