Articles by Chris Mills
-
Firefox 74,为安全赋予更多价值
Firefox 74已于今日发布。新版本最重要的新增功能体现在安全性方面的增强:特征策略(feature policy)、Cross-Origin-Resource-Policy标头及取消了对TLS 1.0 / 1.1的支持。我们还提供了一些新的CSS文本属性功能、可选JS链接运算符和其他2D画布文本测量功能,以及海量DevTools增强功能和错误修复功能。请照例阅读重点内容或从以下文章中找到所有新增内容的完整列表: Firefox 74开发人员必读 Firefox 74网站兼容性 Firefox 74最终用户发行说明 安全性增强 让我们了解一下74版本在安全性上的增强。 特征策略(Feature Policy) 最终版中Feature Policy(功能策略)默认开启。您现在可以使用<iframe> allow属性和Feature-PolicyHTTP标头为顶级文档和iframe设置功能权限。语法示例如下: <iframe src="https://example.com" allow="fullscreen"></iframe> Feature-Policy: microphone 'none'; geolocation 'none' CORP 我们还提供对Cross-Origin-Resource-Policy(CORP)标头的支持,允许站点和应用程序选择拒绝某些跨域请求(例如来自<script>和<img>元素的请求)。这有助于减少潜在的旁路攻击(例如Spectre和Meltdown)以及跨站点脚本包含攻击。 选项包括same-origin和same-site。same-origin仅允许同一方案、主机和端口的请求读取相关资源。除网络默认的同源策略外,它还提供了更多级别的保护。same-site仅允许来自同一站点的请求。 若要使用CORP,则必须将标头设置为下列值之一,例如: Cross-Origin-Resource-Policy: same-site 移除TLS 1.0 / 1.1 最后还有一点(但并非不重要),Firefox 74取消了对TLS 1.0 / 1.1的支持,以帮助提高Web平台的总体安全级别。这对于推动TLS生态系统向前发展以及消除由TLS 1.0 / 1.1造成的许多漏洞至关重要,TLS 1.0 / 1.1并没有我们想像的那样健壮,急需隐退。 Mozilla、Google、Microsoft和Apple于2018年10月首次共同倡议对其进行修改。如今到了2020年3月,我们都兑现了诺言(Apple除外,Apple将稍晚些时候做出更改)。 其结果是要确保您的Web服务器支持TLS 1.2或1.3以上。请阅读有关移除TLS 1.0和1.1的更新说明,以了解如何测试和更新TLS/SSL配置。从现在开始,连接到使用旧版本TLS的服务器时,Firefox将返回安全连接失败(Secure Connection Failed)错误。如果尚未升级,请立即升级! 注意:在未来几个发布周期(对于Firefox的延长支持版本来说,发布周期会更长),安全连接失败(Secure […]
-
Security means more with Firefox 74
The release of Firefox 74 is focused on security enhancements: Feature Policy, the Cross-Origin-Resource-Policy header, and removal of TLS 1.0/1.1 support. We’ve also got some new CSS text property features, the JS optional chaining operator, and additional 2D canvas text metric features, along with the usual wealth of DevTools enhancements and bug fixes.
-
Firefox 73 is upon us
Today we’ve released Firefox 73, with useful additions that include CSS and JavaScript updates, and numerous DevTools improvements. We’ve added to CSS logical properties, pushed performance forward in the Console and the Debugger, and improved the WebSocket inspector. Thanks to all for the ongoing DevTools feedback.
-
Firefox 72 — our first song of 2020
Though we are moving to a more frequent four-week browser release cycle, the Firefox 72 release is feature-rich and full of goodies. It includes many requested DevTools' updates and improvements. We also introduce Shadow Parts and the CSS Motion Path, and useful new JavaScript features. Plus, Picture-in-picture for video is now enabled for Mac and Linux users too!
-
Firefox 71: A year-end arrival
Please welcome Firefox 71 to the stage! This time around, we have a plethora of new developer tools features including the web socket message inspector, console multi-line editor mode, log on events, and network panel full text search! And as if that wasn’t enough, there are important new web platform features available, like CSS subgrid, column-span, Promise.allSettled, and the Media Session API.
-
Firefox 70 — a bountiful release for all
Firefox 70 is released today, and includes great new features such as secure password generation with Lockwise and the new Firefox Privacy Protection Report, as well as cool additions for developers. These include DOM mutation breakpoints and inactive CSS rule indicators in the DevTools, several new CSS text properties, two-value display syntax, and JS numeric separators. In this article, we’ll take a closer look at some of the highlights!
-
Firefox 69 — a tale of Resize Observer, microtasks, CSS, and DevTools
For our latest excellent adventure, we’ve gone and cooked up a new Firefox release. Version 69 features a number of great new additions including JavaScript public instance fields, the Resize Observer and Microtask APIs, CSS logical overflow properties (e.g. overflow-block) and @supports for selectors.
-
Firefox 65: WebP support, Flexbox Inspector, new tooling & platform updates
Firefox 65 ships today with some notable Firefox Devtools updates, including the release of the CSS Flexbox Inspector, a new changes panel, and more. We're shipping CSS platform improvements and updates to a variety of JavaScript APIs. Firefox 65 supports the WebP image format, and support for AV1, an open and royalty-free video compression format, is shipping now in Firefox 65 for Windows.
-
Firefox 64 Released
The year's last release of Firefox bundles together goodies for all, including multi-tab management in the interface, new CSS features, devtools improvements, better privacy protections, add-ons updates, and much, much more. Read all about it!
-
Essential WebVR resources
With the release of the WebVR API v1.1, and WebVR support in Firefox 55, here's a collection of useful resources for WebVR development. From the landing page at vr.mozilla.org to the A-Frame website and community, here's everything you need to get started.