Firefox 59 for developers

• The Network Monitor Response tab now shows a preview of the rendered HTML — if the response is HTML (Firefox bug 1353319).
• Cookie information shown in the Storage Inspector (see Cookies) now includes a sameSite column showing what the same-site status of each cookie is (Firefox bug 1298370).
• The Rulers tool now includes a readout showing the current dimensions of the viewport (Firefox bug 1402633).
• In Responsive Design Mode, you can now set the screen dimensions using the cursor keys (Firefox bug 1421663). See the Setting screen size section for more details.
• The Raw headers display in the Network Monitor Headers tab now includes the response's status code (Firefox bug 1419401).

• The <textarea> element's autocomplete attribute has been implemented. This lets you enable or disable form auto-fill for the element.

• The overscroll-behavior property and its associated longhand properties — overscroll-behavior-x and overscroll-behavior-y — have been implemented (Firefox bug 951793), and it has been enabled by default on all releases (Firefox bug 1428879).
• The behavior of "unusual elements" (elements that aren't rendered purely by CSS box concepts such as replaced elements) when given a display value of contents has been updated as per spec (Firefox bug 1427292). See Appendix B: Effects of display: contents on Unusual Elements for exactly what the specified behaviors are.
• position sticky is now supported on appropriate HTML table parts (e.g. <th> elements) (Firefox bug 975644).
• calc() is now supported in <color> values — rgb(), rgba(), hsl(), and hsla() (Firefox bug 984021).
• calc() in media query values is now supported Firefox bug 1396057.
• The @document at-rule has been limited to use only in user and UA sheets (Firefox bug 1035091).
• Implement the font-optical-sizing property (Firefox bug 1435692).

No changes.

No changes.

New APIs

• PointerEvents have been enabled in Firefox Desktop (Firefox bug 1411467).

DOM

• The EventTarget() constructor has been implemented (Firefox bug 1379688).
• The Response() constructor can now accept a null value for its body parameter, as per spec (Firefox bug 1303025).

DOM events

• The Event.composedPath() method has been implemented (Firefox bug 1412775).

Service workers

• The service worker Clients API can now find and communicate with windows in a separate browser process (Firefox bug 1293277).
• Nested about:blank and about:srcdoc iframes will now inherit their parent's controlling service worker. Fixed in (Firefox bug 1293277) and (Firefox bug 1426979).
• When a service worker provides a Response to FetchEvent.respondWith(), the Response.url value will now be propagated to the intercepted network request as the final resolved URL. In the past the FetchEvent.request.url was used for this instead. This means, for example, if a service worker intercepts a stylesheet or worker script, then the provided Response.url will be used to resolve any relative @import or importScripts() subresource loads (Firefox bug 1222008).
• FetchEvent.respondWith() will now trigger a network error if the FetchEvent.request.mode is "same-origin" and the provided Response.type is "cors". (Firefox bug 1222008)

Media and WebRTC

• The MediaStreamTrack property MediaStreamTrack.muted, along with the events mute and unmute and the corresponding event handlers, onmute and onunmute, have been implemented. A track's muted state indicates that the track is not currently able to provide media data.

  Note: The muted state of a track isn't useful for what's typically thought of as muting and unmuting a track. Instead, use the enabled property; setting enabled to false causes the track to output only empty frames.

• Firefox 59 on Android now supports Apple's HTTPS Live Streaming (HLS) protocol for both audio and video. This non-standard protocol is being supported on mobile to improve compatibility with sites that require it for mobile streaming. There is not currently any plan to implement it on Firefox Desktop.

• The RTCRtpReceiver methods getContributingSources() and getSynchronizationSources() have been implemented to provide information about the sources of each RTP stream. However, a specification change occurred before release and we have disabled these by default behind the preference media.peerconnection.rtpsourcesapi.enable (Firefox bug 1363667, Firefox bug 1430213, and Firefox bug 1433236.

• The RTCRtpTransceiver interface has now been implemented, since the Firefox implementation of WebRTC now supports transceivers, with RTCPeerConnection and other interfaces updated to use them per the latest specification.

• The RTCPeerConnection.addTransceiver() method has been added. In addition, the behavior of addTrack() has been updated to create a transceiver as required.

• Support for WebVTT regions was implemented in Firefox 58 but disabled by default. They're now available by default (Firefox bug 1415805).

• Firefox now supports WebVTT REGION definition blocks whose settings list has one setting per line instead of all of the settings being on the same line of the WebVTT file (Firefox bug 1415821.

Canvas and WebGL

No changes.

The CSSNamespaceRule interface and its namespaceURL and prefix properties have been implemented (Firefox bug 1326514).

No changes.

• Top-level navigation to data: URLs has been blocked Firefox bug 1401895. See Blocking Top-Level Navigations to data URLs for Firefox 59 for more details.
• The SAMEORIGIN directive of the X-Frame-Options header has been changed so that it checks not only the top-level IFrame is in the same origin, but all its ancestors as well (Firefox bug 725490).
• Image resources loaded from different origins to the current document are no longer able to trigger HTTP authentication dialogs (Firefox bug 1423146).
• HTTP authentication now uses utf-8 encoding for usernames and passwords (rather than ISO-8859-1) for parity with other browsers, and to avoid potential problems as described in Firefox bug 1419658.
• Everyday the HSTS preload list is updated from Google. Normally this doesn't warrant a note, but in this release new TLDs were included, notably .app and .dev. While they are new TLDs developers might have used them for local development and be surprised by this change. Note that reserved TLDs should be used for local development instead.

No changes.

No changes.

The non-standard version parameter of the <script> element's type attribute (e.g. type="application/javascript;version=1.8") has been removed (Firefox bug 1428745).

• The proprietary mozmm <length> unit has been removed (Firefox bug 1416564).
• The proprietary -moz-border-top-colors, -moz-border-right-colors, -moz-border-bottom-colors, and -moz-border-left-colors properties have been limited to usage in chrome code only (Firefox bug 1417200).

• Non-standard conditional catch clauses have been removed (Firefox bug 1228841).

• The non-standard method Event.getPreventDefault() has been removed. You should instead use the Event.defaultPrevented property to determine whether or not preventDefault() was called on the Event.
• The proprietary Navigator.mozNotification property and DesktopNotification interface have been removed, in favor of the standard Notifications API (Firefox bug 952453).
• The proprietary window.external.addSearchEngine() method has been removed (Firefox bug 862147). Also see Window.external for more details.
• The non-standard Firefox-only HTMLMediaElement property mozAutoplayEnabled has been removed.

Support for SMIL's accessKey feature has been removed (Firefox bug 1423098).

Support for the non-standard pcast: and feed: protocols has been removed from Firefox (Firefox bug 1420622).

• Theme updates:

  • new properties: colors.background_tab_text, colors.toolbar_field_border
  • all color properties now support both Chrome-style arrays and CSS color values.

• New browser settings:

  • contextMenuShowEvent
  • openBookmarksInNewTabs
  • openSearchResultsInNewTabs
  • proxyConfig

• New tabs APIs:

  • tabs.captureTab()
  • tabs.hide()
  • tabs.show()

• The contextMenus API now supports a "bookmark" context.

• New contentScripts API enables runtime registration of content scripts.

• New pageAction, browserAction, SidebarAction APIs:

  • browserAction/pageAction/sidebarAction.set* functions now accept null to undo changes.
  • browserAction.isEnabled(), pageAction.isShown(), sidebarAction.isOpen() functions.

• New option in page_action to show page actions by default.

• New values for protocol_handlers:

  • "ssb" for Secure Scuttlebutt communications
  • "dat" for DATproject
  • "ipfs", "ipns", "dweb" for IPFS

• New privacy.websites setting "cookieConfig".

• Support in cookies API for first-party isolation.

• New option upgradeToSecure in webRequest.