Browser Support

Last update: September 2021

TL;DR: For WebContainer, we support desktop Chromium-based browsers out of the box. Firefox might work by adjusting some settings.

StackBlitz requires some of the latest additions to the Web Platform to work correctly when running WebContainer-based projects. Chiefly among them are SharedArrayBuffer and cross-origin isolation.

SharedArrayBuffers (SABs) allow simultaneous access to a chunk of memory from multiple different workers. This is a powerful feature that was disabled temporarily in light of potential security issues. Cross-origin isolation is the key to enabling SABs: by properly configuring some headers and controlling which resources are served to browsers, a site can be considered crossOriginIsolated, that is, secure enough to use SABs. Both features are enabled in Chromium-based browsers (Chrome, Brave, Edge) and Firefox. Safari has yet to re-introduce SABs through cross-origin isolation.

However, for cross-origin isolation work for our use case, we need the ability to embed arbitrary resources. More accurately, the ability for you to embed arbitrary resources: we want you to be able to write and test your web application seamlessly, regardless of which images, scripts, etc. you include in it. For this to work, we are tracking with interest a new mode of cross-origin isolation that allows this.

Unfortunately, this feature is only enabled (experimentally) in Chrome. We are following current specifications and talking to browser implementors to bring support to other browsers as soon as possible. In the meantime, you might be able to run StackBlitz in other browsers with some tweaks. We do encourage you to try it and provide feedback!

When testing in unsupported browsers, please take into account that there might be minor differences in the behavior of WebContainer. After all it is a Node.js runtime, and Node.js itself is tied to some degree to V8, Chromium's JavaScript VM.

Testing on Firefox

Firefox is still considering whether to add support for new modes of cross-origin isolation. You can test StackBlitz in Firefox Nightly by:

  1. Setting dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled to true in about:config.
  2. Opening your browser console and running localStorage.webcontainer_any_ua = 'true'.
  3. You will probably need to set Enhanced Tracking Protection to "Standard" if it's set to "Strict".