Last update: September 2021
TL;DR: For WebContainer, we support desktop Chromium-based browsers out of the box. Firefox might work by adjusting some settings.
SharedArrayBuffers (SABs) allow simultaneous access to a chunk of memory from multiple different workers. This is a powerful feature that was disabled temporarily in light of potential security issues. Cross-origin isolation is the key to enabling SABs: by properly configuring some headers and controlling which resources are served to browsers, a site can be considered
crossOriginIsolated, that is, secure enough to use SABs. Both features are enabled in Chromium-based browsers (Chrome, Brave, Edge) and Firefox. Safari has yet to re-introduce SABs through cross-origin isolation.
However, for cross-origin isolation work for our use case, we need the ability to embed arbitrary resources. More accurately, the ability for you to embed arbitrary resources: we want you to be able to write and test your web application seamlessly, regardless of which images, scripts, etc. you include in it. For this to work, we are tracking with interest a new mode of cross-origin isolation that allows this.
Unfortunately, this feature is only enabled (experimentally) in Chrome. We are following current specifications and talking to browser implementors to bring support to other browsers as soon as possible. In the meantime, you might be able to run StackBlitz in other browsers with some tweaks. We do encourage you to try it and provide feedback!
Testing on Firefox
Firefox is still considering whether to add support for new modes of cross-origin isolation. You can test StackBlitz in Firefox Nightly by:
- Opening your browser console and running
localStorage.webcontainer_any_ua = 'true'.
- You will probably need to set Enhanced Tracking Protection to "Standard" if it's set to "Strict".