Firefox 138 release notes for developers

Changes for web developers

HTML

• The importmap value of the type attribute of the <script> element now supports the integrity key. This allows the ES module URLs referenced in the import maps to be matched against their integrity metadata. As a result, these modules are now compatible with CSP directives that require Subresource Integrity (SRI). (Firefox bug 1945540).

CSS

No notable changes

JavaScript

• The Error.captureStackTrace() static method is now supported. This installs stack trace information on a provided object as the Error.stack property. Its main use case is to install a stack trace on a custom error object that does not derive from the Error interface. (Firefox bug 1950508).
• The Error.isError() static method can now be used to check whether or not an object is an instance of an Error or a DOMException. This is more reliable than using instanceof for the same purpose. (Firefox bug 1952249).
• The import declaration now supports importing JSON modules using the with attribute.

HTTP

• The Clear-Site-Data header can be used with the cache (and *) directive to clear the browser network cache. This gives websites more control over data stored for their users, allowing them to, for example, mitigate the risk of privacy leaks by clearing the cache during logout. (Firefox bug 1942272).
• The HTTP Origin-Agent-Cluster response header can now be used by a site to hint that the associated document should be placed in an origin-keyed agent cluster. When in such a cluster, the operating system process and/or other OS resources used by the document are only shared with other documents from the same origin. This makes it less likely that a resource-intensive document will degrade the performance of documents from other origins. Developers can test whether the browser has put the document in an origin-keyed agent cluster using the window.originAgentCluster property. (Firefox bug 1665474)

APIs

• The Login Status API is now supported when using the Federated Credential Management (FedCM) API. It can be used to set and check whether a browser user is logged in to an identity provider. This includes support for the NavigatorLogin interface, the navigator.login property, and the Set-Login HTTP response header. (Firefox bug 1945576 and Firefox bug 1945573).
• The Web Audio API now supports bidirectional messaging on an AudioWorklet.port and an AudioWorkletGlobalScope.port. This allows for custom, asynchronous communication between code in the main thread and the global scope of an audio worklet, such as receiving control data or global settings. (Firefox bug 1951240)
• The getFingerprints() method of the RTCCertificate interface is now supported. An application can use this to get fingerprints for a certificate, which might be shared out-of-band in order to identify a particular user or browser across WebRTC sessions. (Firefox bug 1525241).

DOM

Media, WebRTC, and Web Audio

• WebRTC applications can now set a preference for prioritizing framerate or resolution when both cannot be maintained at the configured levels due to network degradation. The value is set using the degradationPreference property in the parameter object passed to the setParameters() method of the RTCRtpSender interface. It can also be read from the object returned by the getParameters() method. (Firefox bug 1329847).

WebDriver conformance (WebDriver BiDi, Marionette)

General

• All remote protocols now enable the preferences required to properly pipe logs to stdout (Firefox bug 1947740).
• A new Firefox argument, --remote-enable-system-access, was added to enable sensitive features, such as interacting with Browsing Contexts in the parent process (e.g., Browser UI) or using privileged APIs in content processes. This will be used for WebDriver BiDi features in the next releases, and can already be used with Marionette (see the Marionette section below) (Firefox bug 1944565).

WebDriver BiDi

• The webExtension.install command now installs web extensions temporarily by default, allowing it to be used with unsigned extensions - either as an XPI file or as an unpacked folder. A new Firefox-specific parameter, moz:permanent, has been added to force installation as a regular extension instead (Firefox bug 1947678).
• The browsingContext.setViewport command now supports a userContexts parameter, which must be an array of user context (Firefox container) ids. When provided, the viewport configuration will be applied to all Browsing Contexts belonging to those user contexts, as well as any future contexts created within them. This parameter cannot be used together with the existing context parameter (Firefox bug 1940952).
• The browsingContext.Info type now includes a clientWindow property corresponding to the ID of the window owning the Browsing Context. It is typically returned by browsingContext.getTree or included in the payload of events such as browsingContext.contextCreated (Firefox bug 1920952).

Marionette

• Switching to the chrome (parent process) context with Marionette now requires using the --remote-enable-system-access command-line flag when starting Firefox (Firefox bug 1710425).

Changes for add-on developers

• Support provided for page_action as a menus.ContextType in the menus API for Manifest V3 extensions. This provides Manifest V3 extensions the same ability as Manifest V2 extensions to add menu items to page_action. (Firefox bug 1951166)
• The contextualIdentities API is no longer defined in Firefox for Android. Previously, it was defined but defective. (Firefox bug 1659500)
• The contextualIdentities permission is now not recognized on Firefox for Android. Previously, it enabled a broken version of the "containers" feature. (Firefox bug 1659500)
• The new Manifest V3 version of the userScripts API is now available on Firefox for Android. (Firefox bug 1949955)
• Implements the webRequest.handlerBehaviorChanged API. In previous versions this method was exposed but did nothing. (Firefox bug 1657575)
• The alarms.create API now returns a Promise instead of undefined. (Firefox bug 1869171)
• Support added to enable the manipulation of tabs within tab groups, including the addition of:
  • tabs.group() and tabs.ungroup(). (Firefox bug 1959714)
  • groupId to tabs.Tab. (Firefox bug 1959713)
  • groupId to tabs.query. (Firefox bug 1959715)
  • groupId to tabs.onUpdated. (Firefox bug 1959716
• The json resource type is now supported in both webRequest.ResourceType and declarativeNetRequest.ResourceType in Firefox, with import attributes enabled by default. Previously, it was reported as script. (Firefox bug 1858078 and Firefox bug 1950836)

Experimental web features

These features are newly shipped in Firefox 138 and are considered experimental. They may be disabled by default or enabled by default but available only in the Nightly build. For features disabled by default, search for the appropriate preference on the about:config page and set it to true. You can find more such features on the Experimental features page.

• UA styles for <h1> nested into sectioning elements: layout.css.h1-in-section-ua-styles.enabled.

  The <h1> heading doesn't decrease in font size now when nested within sectioning elements <article>, <aside>, <nav>, and <section>. The UA styles for <h1> nested within sectioning elements are no longer relevant since the outline algorithm has been removed from the HTML specification. (Firefox bug 1883896).

  As part of a staged rollout of this removal 5% of users of Firefox 138 and 50% of users of Firefox Beta 138 will have the value of layout.css.h1-in-section-ua-styles.enabled set to false (Intent to unship: UA styles for h1 in article, aside, nav, section).

  Note: The preference for this feature works in reverse: it's set to false in the Nightly build, which removes the UA styling for headings nested in sectioning elements. It's set to true in all other channels, which retains the existing UA styling for the nested headings.

• ::details-content CSS pseudo-element: layout.css.details-content.enabled.

  The CSS ::details-content pseudo-element enables you to style the content of the <details> element (Firefox bug 1901037).

• Allow pseudo-elements after element-backed pseudo-elements

  Work has begun on allowing pseudo-elements such as ::first-letter and ::before to be appended to element-backed pseudo-elements such as ::details-content and ::file-selector-button. (Firefox bug 1953557).

  Note: This feature depends on support for the element-backed pseudo-element being targeted, for example: ::details-content, which is behind the layout.css.details-content.enabled preference.

• MutationEvent on path to removal: dom.mutation_events.enabled

  MutationEvent and its associated events (DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMCharacterDataModified, DOMAttrModified) are now disabled on Firefox Nightly by default. (Firefox bug 1951772).

• Notification.actions (Nightly): dom.webnotifications.actions.enabled

  The Notification.actions property can get the actions associated with a Notification, as set using ServiceWorkerRegistration.showNotification(). (Firefox bug 1225110).

• PerformanceEventTiming.interactionId: dom.performance.event_timing.enable_interactionid

  PerformanceEventTiming.interactionId can be used to measure latency timing for events triggered by a particular user interaction. (Firefox bug 1934683).

• HTML Sanitizer API: dom.security.sanitizer.enabled

  The HTML Sanitizer API allow developers to take untrusted strings of HTML and sanitize them for safe insertion into a document's DOM. (Firefox bug 1950605, Firefox bug 1952250).