Fixes

• Fix exception thrown when a stock asset is removed
• Remove obsolete assets

Release notes

Changes

A new raw setting has been added: suspendTabsUntilReady. The purpose is exactly the same as the same setting in uBlock Origin, so you can refer to uBO's documentation. That setting is taken into account only with Chromium-based browsers, as Firefox is properly equipped to deal with network requests fired before uMatrix is ready.

Closed as fixed:

• Cookies missing on very first request if website has service worker with fetch event handler
• Incorrect display of hostnames with numbers in the logger
• Custom recipe does not appear
• Requests bypass uMatrix on Firefox start

Pull requests

• Show placeholder for blocked frame elements by xofe
• More unused code cleaning by rhendric
• Cleaning by rhendric
• Minor fixes by xofe

Commits to master since last release.

Changes


Logger

The popup panel is now tab selector-bound (rather than logger entry-bound), i.e. it is associated with the tab currently selected.

There is a new UI to allow setting rules on a per logger entry basis (click the 3rd column): it is similar in look and use to the matrix UI, but it is minimalist: rules which are relevant only for the current entry in the logger are shown. [Note that I am having second thoughts about that new UI -- hence why I have held on releasing a new stable version, because it still does not give access to the per-scope switches. Ideally I should reuse the popup panel, but this will require refactoring work. However, I can't keep on holding forever a stable release, so for now this will be the solution for dealing with setting rules for tab-less network requests.]

Two columns have been added:

• a column to provide the scope in which network requests are made;
• a column to provide visual hint for the third-partyness of requests.

The visual to represent tab-less network requests has been modified. Tab-less network requests will now be represented with "curtains" in the 3rd column.


Closed as fixed:

• "Corrupted Content Error"
• Logger not working in sidebar
• When pasting multiple lines into the rules editor they are joined together in a single line
• Is there a way to disable JavaScript in local file:// for firefox?
  
  • The idea for the fix has been borrowed from NoScript: use a DOM-based <meta http-equiv=...> tag to inject CSP directives. This will apply only to documents fetched using file: scheme.
    
  • The fix requires the API browser.contentScripts, which only Firefox supports.
  
  
• Migrate icons to FontAwesome svg files (from the font file)
• Race condition potentially causing auto-update to be disregarded at launch time
• Behind-the-scene broken at gmail
• Images, videos opened directly in a tab are bypassing respective block rules
• Multiple Redirects Fail
• Some entries are only briefly shown in uMatrix

Complete release notes for 1.3.14 available here.

Closed as fixed:

• uMatrix uses the false domain 1.wyciwyg-scheme instead of the real one
• My rules tab hangs with cloud storage support

Commit history between 1.3.12 and 1.3.14

Complete release notes for 1.3.12 available here.

Closed as fixed:

• Placeholder iframe not shown on particular site using Firefox

Commit history between 1.3.10 and 1.3.12

Complete release notes for 1.3.10 available here.

Closed as fixed:

• No web page found issue
• Custom recipes don't show up when visiting corresponding host

Commit history between 1.3.8 and 1.3.10

Complete release notes for 1.3.8 available here.

Closed as fixed:

• Ruleset pane size miscalculated
• Placeholder in logger "Network error" message is not replaced
• Shared Workers

Commit history between 1.3.6 and 1.3.8

Complete release notes for 1.3.6 available here.

Changes:

CodeMirror's MergeView has been integrated into the "My rules" pane, this should make it easier to manage your ruleset.

Improved the visuals and behavior of Recipes icon (the puzzle icon) in popup panel.

Closed as fixed:

• CSP error notification -> Conflicting with uBlock Origin?

Commit history between 1.3.4 and 1.3.6

Complete release notes for 1.3.4 available here.

New

[Status: experimental] A new button ("puzzle" piece icon) is available in the popup panel: uMatrix will offer you the ability to import community-contributed ruleset recipes which are relevant to the current page (see #30). Hopefully there will be many contributions to populate ruleset recipes ready to be used to unbreak sites.

A tooltip has been added to the global scope selector (*) in the popup panel.

A new setting has been added in the Settings pane: "Disable tooltips".

Changes

The setting "Show the number of distinct requests on the icon" has been changed to "Show the number of blocked resources on the icon": the number of blocked resources is much more useful than the number of distinct resources. This will make it clear now that uMatrix is still blocking stuff even after you think you had configured it to no longer block stuff (example: #938).

The icon badge is back to being enabled by default with new installations of uMatrix.

Closed as fixed:

• Ability to enforce _escaped_fragment_=
• Report more accurately that resources are being blocked following page load
• [Performance] Implement ability to snapshot memory to improve load times
• When first installing uMatrix, the setting "Auto-update hosts files" is disabled by default

Commit history between 1.3.2 and 1.3.4

Complete release notes for 1.3.2 available here.

Closed as fixed:

• uMatrix does not report inline styles

Commit history between 1.3.0 and 1.3.2

Complete release notes for 1.3.0 available here.

Fixed:

• noscript tags improperly rendered in XML-based HTML documents (report).
• No way to configure advanced settings in uMatrix/webext
• Pages can detect uMatrix's presence with pure CSS

Commit history between 1.2.0 and 1.3.0

Complete release notes for 1.2.0 available here.

Changes

Appearance

More choices of text size for the matrix UI in the Settings pane (text size dictates the popup panel size).

Per-scope switches

New switch: "Forbid web workers"

Purpose should be obvious.

Note that nuisance coin miners typically use web workers, so forbidding web workers globally might be a good idea, though mind that there are legitimate use for web workers. Keep in mind many of these miners are launched as 1st-party, so the new switch allows you to forbid them even when you allow 1st-party scripts.

uMatrix is able to detect when a web worker is being instantiated. However, this does not work for Firefox 57-58, but works fine in Firefox 59 (Nightly). The reason is that SecurityViolationPolicyEvent has been implemented just recently in Nightly.

So this means if you are using uMatrix with Firefox 57-58, uMatrix will be unable to report to you whether web workers are used by a page, though you will be able to block these fine with the new per-scope switch. With Nightly, use (or attempt to use) web workers is properly reported in the logger and in the popup panel.

Per-scope switches redesigned and renamed

"Strict HTTPS" has been renamed "Forbid mixed content": I see too many instances of people thinking this feature is a replacement for HTTPS Everywhere: it is not.

The new visual will now convey whether a switch is relevant for the current document. A dot in the toggle button means that the switch is relevant, i.e. uMatrix may affect the page if the switch is toggled on.

• Forbid mixed content: a dot means that mixed content has been detected on the page.
• Forbid web workers: a dot means that web workers have been detected on the page (as mentioned above, the detection does not work for Firefox 57-58).
• Spoof referer header: a dot means that 3rd-party referrer information has been seen in network traffic.
• Spoof <noscript> tags: a dot means <noscript> tags have been detected in the current page.

I added info links to each per-scope switch: the links are pages from Mozilla Developer Network, so this gives a chance for the page to load in the user locale.

Logger

Ability to open the logger in the sidebar.

Note that since the logger is unified, should you open additional logger views, these will be left unused, until the first view is closed. By design.

Closed as fixed:

• Possible to improve image placeholders? Sometimes they are just too tiny (1px)

Commit history between 1.1.20 and 1.2.0

Summary of Release notes for 1.1.20

Changes: Settings

A new option in the Settings pane, as requested in #335:

[x] Collapse placeholder of blacklisted elements

Checked by default.

The purpose of this new setting should be obvious: it makes it possible to collapse discriminately elements according to whether they were blocked as a result of a hostname being blacklisted or as a result for a more generic block rule.

For example, 3rd-party iframes are blocked by default. But you may not want embedded Youtube videos to be collapsed, while on the other hand you may want embedded ads from some blacklisted origins to be visually collapsed. The new settings allows to distinguish between blocked and blacklisted.

Changes: Logger

The logger will now inform when uMatrix removes/modifies HTTP headers:

• An uppercase COOKIE entry means that an outgoing Cookie header was removed;
  
• An uppercase REFERER entry means that an outgoing Referer header was modified;

These are reported only for network request of type doc, so as to not spam logger output since referrer spoofing and cookie header removal can occur for every single network request.

Accepted pull requests:

• Fix noscript spoof setting not being saved on change

Closed as fixed:

• Blocked images download but only briefly display when loaded directly
  
• Remove Referer instead of spoofing it for non-GET requests
  
• SVGs not interact properly if scripts are blocked (though it says 0 scripts in the page)
  
• Script not detected on cgit commit page
  
• Collapse placeholders for blacklisted hostnames

Commit history between 1.1.18 and 1.1.20

Summary of Release notes for 1.1.18

Closed as fixed:

• uMatrix dropdown renders as empty and inactive
  
  • This was affecting people who completely forbid cookies on all sites.
    
• Completed fix to "<noscript> is ignored when uMatrix blocks JavaScript"
  
  • Automatic redirect when there is a meta http-equiv="refresh" ...> tag present.
    

Commit history between 1.1.16 and 1.1.18

Summary of Release notes for 1.1.16

Fixed: uMatrix dropdown renders as empty and inactive

Summary of Release notes for 1.1.14

Changes

The Privacy pane has been merged into the Settings pane in the dashboard.

Privacy-wise flawed user agent switcher removed

User agent spoofing as been removed. This was planned since a long while. The bottom line is that user agent spoofing for privacy purpose is best left to a dedicated extension, and really your best choice privacy-wise is probably to rely on Firefox's recent fingerprinting-resistance feature.

<noscript> tags

A new global setting has been added in the dashboard: "Spoof <noscript> tags when 1st-party scripts are blocked". Disabled by default so as to not change uMatrix's current behavior.

Since spoofing <noscript> is not necessarily always desirable, the global setting can be overridden on a per-scope basis with the "<noscript> tag spoofing" switch.

This feature is most useful to users who block 1st-party scripts by default.

Note that this might be the long term approach used for enabling <noscript> tags: the approach planned by Firefox is not really suitable to uMatrix, as this would require to completely disable javascript for a site (causing the matrix ruleset to be disregarded), while with the current approach, one can still enable 3rd-party scripts and yet have the <noscript> tags spoofed.

I have observed that the feature behave slightly differently on Firefox than on Chromium: Firefox will not react to <meta http-equiv="refresh"> tags, while Chromium does. I do believe this can be fixed, and I will experiment more with this.

Blocked root document

Ability to parse the URL of blocked document has been imported from uBO:

Document blocked example

Unlike uBO however, the parsed URL information is expanded by default since uMatrix is meant for advanced users (you can collapse it by clicking on the magnifier).

Logger

Ability to open the logger in its own (popup) window, just as with uBO. If you want the logger to be in its own separate window, press Shift while clicking the logger icon will cause the logger to always be launched as a separate window. You do not need to press the Shift next time, it's only used to toggle between both attached/detached states.

Closed as fixed:

• uMatrix doesn't keep "show only domains" in Private Window
• Logger's embedded popup panel fails to resize properly
• Bypass redirects
• <noscript> is ignored when uMatrix blocks JavaScript
• navigator.platform is exposed despite Spoof User-Agent

Commit history between 1.1.12 and 1.1.14

Summary of Release notes for 1.1.14

Changes

The Privacy pane has been merged into the Settings pane in the dashboard.

Privacy-wise flawed user agent switcher removed

User agent spoofing as been removed. This was planned since a long while. The bottom line is that user agent spoofing for privacy purpose is best left to a dedicated extension, and really your best choice privacy-wise is probably to rely on Firefox's recent fingerprinting-resistance feature.

<noscript> tags

A new global setting has been added in the dashboard: "Spoof <noscript> tags when 1st-party scripts are blocked". Disabled by default so as to not change uMatrix's current behavior.

Since spoofing <noscript> is not necessarily always desirable, the global setting can be overridden on a per-scope basis with the "<noscript> tag spoofing" switch.

This feature is most useful to users who block 1st-party scripts by default.

Note that this might be the long term approach used for enabling <noscript> tags: the approach planned by Firefox is not really suitable to uMatrix, as this would require to completely disable javascript for a site (causing the matrix ruleset to be disregarded), while with the current approach, one can still enable 3rd-party scripts and yet have the <noscript> tags spoofed.

I have observed that the feature behave slightly differently on Firefox than on Chromium: Firefox will not react to <meta http-equiv="refresh"> tags, while Chromium does. I do believe this can be fixed, and I will experiment more with this.

Blocked root document

Ability to parse the URL of blocked document has been imported from uBO:

Document blocked example

Unlike uBO however, the parsed URL information is expanded by default since uMatrix is meant for advanced users (you can collapse it by clicking on the magnifier).

Logger

Ability to open the logger in its own (popup) window, just as with uBO. If you want the logger to be in its own separate window, press Shift while clicking the logger icon will cause the logger to always be launched as a separate window. You do not need to press the Shift next time, it's only used to toggle between both attached/detached states.

Closed as fixed:

• uMatrix doesn't keep "show only domains" in Private Window
• Logger's embedded popup panel fails to resize properly
• Bypass redirects
• <noscript> is ignored when uMatrix blocks JavaScript
• navigator.platform is exposed despite Spoof User-Agent

Commit history between 1.1.12 and 1.1.14

Summary of Release notes for 1.1.12

New mini-guides for new users

• The popup panel
• How to create rules which apply everywhere, on all web sites
• How to block 1st-party scripts everywhere by default
• How to work in hard 3rd-party default-deny by default
• How to work with only global rules and all scripts blocked by default
• How to "allow-all" in uMatrix
• How to get past "uMatrix has prevented the following page from loading

Ongoing work

• Bad matrix scaling on Firefox mobile

Accepted pull requests:

• @PenguinDad: Fix color-blind friendly mode (dev build regression)
• @shub-nougat: Scopes hover
• @xofe: Minor fixes
• @xofe: Remove some unused resources (holdovers from HTTPSB)
• @StoyanDimitrov: Remove unused l10n string
• @Neui: Use native textarea when editing user rules
• @Pulsera: Commented out unused code

Commit history between 1.1.10 and 1.1.12

Summary of Release notes for 1.1.10

Fixed a minor CSS regression causing the persist/erase buttons to not be properly updated while in the global scope (reported here).

Summary of Release notes for 1.1.8

Changes

You can now set the default scope level in the Settings pane in the dashboard (as requested in #821). The popup panel will always use the selected default scope the first time it is opened (whereas before the last selected scope was used).

The scope selector in the popup panel has been revisited as per suggested solution in #821. It works very well compared to the previous way of selecting a scope (dropdown list). Other virtuous side effects:

• it puts the ability to work in global scope in full view -- this will probably help dispel the often heard erroneous conclusion that it is not possible to create global rules.
• it also enables the ability to set the scope to anything in between full hostname and top-level domain (as per Public Suffix List).

Firefox for Android

Tentative support for Firefox for Android. See #828. I was not planning to maintain a version for Android, but contrary to what I thought, it turns out this might be just a trivial task (thanks to webext).

Closed as fixed:

• Default Namespace

Commit history between 1.1.6 and 1.1.10

Summary of Release notes for 1.1.8

Changes

You can now set the default scope level in the Settings pane in the dashboard (as requested in #821). The popup panel will always use the selected default scope the first time it is opened (whereas before the last selected scope was used).

The scope selector in the popup panel has been revisited as per suggested solution in #821. It works very well compared to the previous way of selecting a scope (dropdown list). Other virtuous side effects:

• it puts the ability to work in global scope in full view -- this will probably help dispel the often heard erroneous conclusion that it is not possible to create global rules.
• it also enables the ability to set the scope to anything in between full hostname and top-level domain (as per Public Suffix List).

Firefox for Android

Tentative support for Firefox for Android. See #828. I was not planning to maintain a version for Android, but contrary to what I thought, it turns out this might be just a trivial task (thanks to webext).

Closed as fixed:

• Default Namespace

Commit history between 1.1.6 and 1.1.8

Summary of Release notes for 1.1.6

Changes

Important: A new default rule has been added following investigation of that issue. The rule will exist for new installations of uMatrix, but will not be imported for existing installations of uMatrix. In such case, I strongly suggest you add it manually in your My rules pane (don't forget to commit):

matrix-off: wyciwyg-scheme true

Closed as fixed:

• frames still blocked after pressing umatrix reload button
  
  • Pressing Shift while clicking the reload button will now cause the browser cache to be bypassed, which is sometimes necessary after adding/removing rules.
    
• Make placeholders in iframes clickable
  
  • The placeholders were already clickable, the clickable item has just been made a bit larger.
    

Commit history between 1.1.4 and 1.1.6

Summary of Release notes for 1.1.4

Much translation work has been imported from https://crowdin.com/project/umatrix.

Closed as fixed:

• Cloud storage merge button broken
  
  • The pull-and-merge button does not visually render completely properly on Firefox (the plus sign is supposed to be top-right), I still need to investigate this.
    
• "Preferences" in about:addons should lead to the preferences

Commit history between 1.1.0 and 1.1.4

Summary of Release notes for 1.1.0

Commit history between 1.0.0 and 1.1.0